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Showcasing  products  with 


FROM  OUR  TESTERS: 

Among  the  240  products  tested  last  year, 
these  14  earned  our  2003  Best  of  the  Tests  Award. 

FROM  OUR  COLUMNISTS: 

Five  products  so  innovative,  they  smash  boundaries. 

FROM  OUR  READERS: 

Four  IT  execs  tell  us  about  the  network  products  they  love. 
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Introducing  the  new  Microsoft  Office  System. 

Now  users  can  do  more  for  themselves  so  you  can  focus 
on  the  important  things.  More  than  just  the  core  suite 
you're  familiar  with,  the  new  Microsoft®  Office  System  is 
an  integrated  system  of  easy-to-use,  expanded  programs, 
servers,  services,  and  solutions  that  help  end  users  be 
more  self-sufficient.  With  Microsoft  Office  InfoPath™  2003, 
customer  defined  XML  and  web  services,  and  Microsoft 
Office  SharePoint™  Portal  Server  2003,  users'  documents 
and  forms  can  be  automatically  updated  with  the  latest 
information.  So  now  everyone  knows  they  have  the  most 
current  version,  minimizing  rework  and  data  reentry. 

And  less  busywork  for  them  means  even  less  busywork 
for  you.  To  find  out  how  the  Microsoft  Office  System 
can  work  for  you,  go  to  microsoft.com/officelT 


M  icrosoft  More  than  what  it  used  to  be,  it's  now  a 

Office  System  comprehensive,  customizable  system. 


Programs 


Servers 


Services 


Access  2003 
Excel  2003 
FrontPage®  2003 
InfoPath™  2003 
OneNote™  2003 
Outlook®  2003 


PowerPoint®  2003 
Project  2003 
Publisher  2003 
Visio®  2003 
Word  2003 


Project  Server  2003 

Live  Communications 
Server  2003 

Exchange 
Server  2003 

SharePoint™  Portal 
Server  2003 


Live  Meeting 
Office  Online 

Solutions 

Solution  Accelerators 


Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 
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2:21  pm  No  one  accosts  you  on  way 
to  laser  printer  asking  for  help  updating 
corporate  forms  for  Tokyo  office. 
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STARTING 
LIST  PRICE 

(USD) 


AMD 


Opteron 


MAKE  SOLARIS 


MAKE  YOUR  BUSINES 
FASTER. 


Introducing  AMD  Opteron  Servers  from  Sun 

Sun  Fire™  V20z  servers  feature  screaming  AMD  Opteron  processors,  i 
Operating  System  up  to  45%  faster  than  comparable  32-bit  systems1 

Add  the  Sun  Java™  Enterprise  System  -  Sun’s  entire  infrastructure  por 
Storage  and  Services  to  experience  the  full  Sun  systems  advantage.  E 
performance  at  compelling  prices. 
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The  Network  is  the  Computer 


1.  BASED  ON  TESTS  WITH  AWD  S  OPTERON  VS.  3.2  GHZ  XEON  RUNNING  LINUX.  AMD  OPTERON  RAN  45’  FASTER  ON  SPECWEB  99SSL  -  BASED  ON  PUBLISHED  DATA  FROM  WWW.SPEC  ORG  1  /22/04.  FOR  SOLARIS  OS  MICROBENCHMARKS  PERFORMED  AN  AVERAGE 
42  '  FASTER  ON  AN  AMO  OPTERON  PROCESSOR  MODEL  246  (2.0  GHZ)  BASED  SYSTEM  COMPARED  TO  A  3.2  GHZ  XEON  SYSTEM.  2.  PRICING  IS  U.S.  LIST  PRICE.  ALL  PRICES  QUOTED  ARE  IN  U  S.  DOLLARS  •  TOLL-FREE  NUMBER  AVAILABLE  IN  THE  UNITED  STATES. 

CANADA  AND  INTERNATIONAL  AMERICAS  ONLY. 

2004  SUN  MICROSYSTEMS.  INC.  ALL  RIGHTS  RESERVED.  SUN.  SUN  MICROSYSTEMS.  THE  SUN  LOGO.  SOLARIS.  THE  SOLARIS  LOGO.  JAVA  THE  JAVA  LOGO.  AND  ‘THE  NETWORK  IS  THE  COMPUTER '  TAGLINE  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  FOR 
SUN  MICROSYSTEMS.  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  AMD,  THE  AMD  ARROW  LOGO,  AMD  OPTERON  AND  COMBINATIONS  THEREOF,  ARE  TRADEMARKS  FOR  ADVANCED  MICRO  DEVICES.  INC 
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EWorld 


9  Vendors  debut  VoIP  gear. 
9  RSA  highlights  new 


approaches  to  security. 

12  Enterasys  touts  a 

new  LAN  security  blueprint. 

12  End  users:  Microsoft 

Jupiter  e-biz  was  too  much. 

14  Hurdles  ahead  for  Cingular 
and  AT&T  Wireless. 

14  Veritas  enhances  storage 

management. 

16  Spam  still  evading  capture. 

17  Vendors  support  64-bit 
extensions. 


Showcasing  products  with  superb 
performance,  outstanding  features 
and  real-world  applicability. 

FROM  OUR  TEST  LABS: 

Selected  from  more  than  240,  we  pick  14  outstanding  products 

as  winners  of  the  2003  Best  of  the  Tests  Award.  PAGE  47. 

FROM  OUR  READERS: 

Four  IT  execs  tell  us  about  the  products  they  love.  Page  73. 

FROM  OUR  COLUMNISTS: 

Find  out  about  five  products  so  innovative,  they  smash 
boundaries.  Page  77. 


■  18  Demo’s  outlook  is  bright. 

Infrastructure 

■  21  D.C.  builds  high-speed  net. 

■  21  Cisco  powers  up  Catalyst  line. 


Technology 

Update 

■  37  AVDL  integrates  app  security. 
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Columnists 


■  22  Vernier  Networks  boosts 
mgmt.,  security  of  WLAN  pack. 

■  26  Dave  Kearns:  Rock  the 

'Net  vote. 


■  37  Steve  Blass:  Ask  Dr. 

Internet. 

■  40  Mark  Gibbs:  Cascading 
Style  Sheets  (2)  oh  joy! 


Forum:  IPS  in  the  wild 

Get  the  details  on  our  five-month  intrusion-prevention  system  test,  and 
then  hop  online  to  question  the  reviewers. 

DocFinder:  9872 


Enterprise 

Applications 

■  29  Internet  electronic  data  inter¬ 
change:  Blending  old  and  new. 

■  29  Web  services  components 
coming. 

■  30  Vendors  automate  patch 
management. 

■  32  Scott  Bradner:  Fighting 
terrorism  with  underwear  size. 


■  40  Keith  Shaw:  Demo 
2004:  Wish  list  keeps  expanding. 

Opinions 

■  42  Editorial:  The  new  Nortel 
looks  to  a  bright  future. 

■  43  Edward  Horrell:  The  IP 

telephone  wave  is  coming. 

■  43  Winn  Schwartau: 

MyDoom  makes  it  past  execs. 

■  96  BackSpin:  Fighting  spam: 
My  theory. 


Manage  your  desktops 

Head  online  to  our  "always-on"  Buyer's  Guide  for  desktop  management 
products.  Get  the  latest  information  from  vendors,  including  Altiris, 
Microsoft  and  Novell. 

DocFinder:  9650 

Layer  8:  Caption  contest 

See  who  won  last  week's  caption  contest  and  enter  this  week's  at  Fusion's 
not-just-networking  Web  log.  Take  a  chance  at  glory  —  and  a  free  prize. 

DocFinder:  9652 

j  Seminars  and  events 


Service  Providers 

■  35  A  look  at  Broadwing/Corvis 
union  one  year  after  deal. 


■  96  ’Net  Buzz:  Anti-Phishing 
Working  Group  has  hooked  a  live  one. 

■  92  Career  classifieds. 


■  35  Cisco  tackles  MPLS 
management. 

■  36  Johna  Till 
Johnson: 

Architecting  application- 
enabled  WANs. 


The  FlipStart 
laptop/PDA-type 
device  runs 
on  Windows  XP. 
Page  40. 


Messaging:  From  chaos  to  control 

Messaging  is  in  crisis.  Ever-escalating  e-mail  assaults  now  threaten  core 
competencies  of  even  the  most  sophisticated  corporations.  It's  time  for 
better,  more  aggressive  answers  that  again  make  messaging  a  corpo¬ 
rate-safe  application.  Industry  expert  and  Network  World  columnist  Mark 
Gibbs  will  present  the  latest  demos  and  new  tools. 

DocFinder  9876 


■  CONTACT  US  Network  World,  118Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  16 
for  more  contact  information.  REPRINTS:  (717)  399-1900 
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Wireless  Wizards 

Differences  between  LWAPP  and  GRE 

Josh  in  Chicago  asks:  "What  are  the  impediments  to  mass 

adoption  of  GRE?" 

DocFinder:  9653 

Telework  Beat 

Top-down  telework 

Net.Worker  Managing  Editor  Toni  Kistner  examines  a 
program  targeting  decision-makers  that  hopes  to  add 
50,000  new  teleworkers  to  Metro  D.C.  by  mid-2005. 

DocFinder:  9874 

Home  Base 

Mirra  means  brainless  backup 

Columnist  Ron  Miller  looks  at  a  finance  company  that  plans  to 

replace  its  tape  system  with  Mirra  Personal  Server. 

DocFinder:  9875 

Small  Business  Tech 

Beating  the  rebate  runaround,  Part  3 

Readers  relate  their  frustration  on  acquiring  their  rebates  to 

columnist  James  Gaskin. 

DocFinder  9882 

Breaking  News 

Go  online  for  breaking  news  every  day  DocFinder  6342 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  top:-: , 

DocFinder  6343 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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THE  POWER  TO  Monitor,  Anticipate,  Resolve 


Monitor  application  performance  from  every  angle — from  the  end-user  perspective  and  back  through 
the  network,  to  the  server  and  database  tiers — with  Compuware  Vantage.  Anticipate  application 
bottlenecks  before  they  impact  business  processes.  End  the  fingerpointing  between  network,  server 
and  development  teams  and  bring  a 
new  balance  to  problem  resolution. 


The  leader  in  IT  value. 


COMPUWARE 

www.compuware.com 
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Vendors  bring  on  the  VoIP  gear 

The  week  before  VoiceCon,  Session  Initiation  Protocol  is  the  focus  of  several  product  launches. 


■  BY  PHIL  HOCHMUTH 

In  the  next  few  weeks  IP  telephony  vendors  will 
launch  a  parade  of  new  gear  and  applications 
aimed  at  making  corporate  employees  more 
productive  via  converged  voice,  data  and  video 
applications. 

Alcatel  and  Avaya  this  week  are  scheduled  to  an¬ 
nounce  messaging  server  platforms  that  promise  to 
make  end  users  more  productive, with  unified  voice, 
e-mail,  chat  and  presence  management  features 
rolled  into  one  application.  Cisco  last  week 
announced  advancements  in  security,  interoperabil¬ 
ity  and  video  support  for  its  market-leading  IP  PBX 
platform. 

With  the  VoiceCon  IP  telephony  trade  show  loom¬ 
ing  —  March  1-4  in  Orlando  —  other  vendors  such 
as  Jasomi  Networks,  Net6,  Pingtel  and  Zultys 
Technologies  are  making  early  VoIP  product  pushes. 

Many  of  the  products  include  implementations  of 
Session  Initiation  Protocol  (SIP),  an  emerging  IETF 
standard  that  can  support  IP  voice,  video  and 
instant-messaging  applications. 

“SIP  support  is  very  important,”  says  Zeus 
Kerravala,  a  research  vice  president  at  The  Yankee 


Group.“If  IP  telephony  is  going  to  achieve  the  dream 
of  having  seamless  interoperability  between  service 
provider  networks  and  across  vendors’  [IP  PBX] 
equipment,  SIP  will  have  to  be  the  glue  that  does  it.” 

Avaya  is  scheduled  to  launch  its  Converged  Com¬ 
munications  Server,  which  is  a  SIP  proxy  server  that 
lets  SIP-based  clients,  such  as  phones,  or  PCs  with 
SIP  applications,  communicate  with  the  company’s 
Communications  Manager  IP  PBX  platform.  The 
Converged  Communications  Server  runs  on  Avaya’s 
Media  Server  hardware  —  an  Intel-based  server  run¬ 
ning  a  modified  Linux  system. 

Avaya’s  new  IP  Softphone  Release  5  is  the  SIP 
client  for  the  Converged  Communications  Server. 
The  client  is  a  SIP-based  softphone  application  for 
PCs,  bundled  with  an  encrypted,  SIP-based  IM  client 
and  presence  management  application.  Avaya  says 
the  software  will  help  drive  employee  productivity 
by  bringing  various  applications  into  a  single  view. 

“Many  enterprises  have  adopted  consumer  instant 
messaging  as  a  business  tool,”  says  Lawrence  Byrd, 
convergence  strategist  from  Avaya.  “We’re  letting 
[users]  put  instant  messaging  behind  the  firewall 
and  make  it  secure  and  manageable.” 

See  SIP,  page  18 


Cisco  CallManager 
4.0  server 
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Cisco  locks  down  IP 
PBXs,  phones 

New  security  measures  in 
CallManager  4.0  add  security 
agents,  encryption. 


•  ••• 
•••• 
•••• 


Cisco  IP 
phone 


O  A  CallManager 
server  detects  Cisco 
IP  phones  on  the 
network  and  uploads 
new  firmware  to  the 
devices. 


Q  The  firmware  upgrade  installs 
Cisco  Security  Agent  (CSA) 
software,  which  permits  the  phone 
to  register  with  the  CallManager. 
Voice  packet  and  signaling 
encryption  also  are  supported. 


©  Devices  not 
registered  with  the 
CallManager,  and 
without  CSA  soft¬ 
ware,  are  denied  all 
access  to  the  server. 


RSA  show  to  highlight  new  security  approaches 


■  BY  ELLEN  MESSMER 

The  10,000  people  expected  to  attend 
the  RSA  Conference  2004  this  week  in  San 
Francisco  will  be  treated  to  new  ap¬ 
proaches  to  the  age-old  security  problems 
of  fixing  vulnerabilities  and  verifying  user 
identities. 

At  last  year’s  RSA  Conference,  the  Organ¬ 
ization  for  the  Advancement  of  Structured 
Information  Standards  (OASIS)  launched 
an  effort  to  define  application  vulnerabili¬ 
ties  in  a  common  XML-based  format.  The 
goal  was  not  only  to  have  vulnerability- 
assessment  tools  define  problems  the 
same  way  but  automatically  share  the  in¬ 
formation  with  patch  management  prod¬ 
ucts  and  application-layer  firewalls  so 
holes  can  be  plugged  quickly 

OASIS’  efforts  will  come  to  fruition  at 


■  Read  about  Enterasys’  latest 
announcement  in  the  security 
arena.  PAGE  12. 


this  year’s  show  when  it  announces  the 
completion  of  Application  Vulnerability 
Description  Language  (AVDL)  Version 
1.0.  Security  vendors  backing  AVDL  will 
demonstrate  how  AVDL  addresses  Web 
vulnerabilities. 

Citadel,  NetContinuum,  Spi  Dynamics 
and  other  vendors  on  the  show  floor  will 
transmit  XML-based  information  between 
their  various  scanning  tools,  patch  prod¬ 
ucts  and  application  firewalls. 

The  U.S.  Department  of  Energy  plans  to 
use  AVDL  messages  as  the  basis  for  com¬ 
puter-incident  advisories. 

“We’d  like  to  see  all  vendor  and  patch- 
management  information  in  the  same  for¬ 
mat,”  says  John  Diaz, security  consultant  at 
the  Department  of  Energy.The  department 
keeps  a  vulnerability  database  and  plans 
to  put  what  it  calls  “AVDL  listeners”  on  its 
Oracle-based  portal  this  spring  to  push 
out  vulnerability  alerts  to  departmental 
security  teams. 

“Application  vulnerabilities  propagate  so 
rapidly  today  that  the  old  methods  of  deal¬ 
ing  with  them  no  longer  suffice,”  says 
Gartner  analyst  John  Pescatore,  who  will 


participate  in  panel  discussions  about 
AVDL  at  the  show.  “New  standards  like 
AVDL  offer  one  of  the  best  hopes  of  break¬ 
ing  this  cycle  by  dramatically  reducing  the 
time  between  the  discovery  of  a  new  vul¬ 
nerability  and  the  effective  response  at 
enterprise  sites.”  (For  more  information  on 
AVDL,  see  story  on  page  37.) 

As  part  of  an  interoperability  demonstra¬ 
tion,  NetContinuum  will  show  how  its 
application-layer  firewall  can  receive  an 
AVDL  message  from  Spi  Dynamics’ Webln- 
spect  vulnerability-assessment  tool  and 
automate  a  blocking  function  to  prevent 
the  hole  from  being  exploited. 

Spi  Dynamics  also  will  announce  a  dis¬ 
tributed  version  of  Weblnspect  it  calls 
Assessment  Management  Platform, 
which  will  be  able  to  inspect  hundreds 
of  Web  applications  and  servers  across 
various  locations  from  a  central  man¬ 
agement  console. That  product  is  sched¬ 
uled  to  ship  next  quarter. 

“If  Spi  Dynamics  discovers  a  vulnerabil¬ 
ity  and  sends  it  over  in  AVDL  format, 
NetContinuum  would  take  that  informa¬ 
tion  and  automate  the  blocking,” says  Wes 


Wasson,  NetContinuum  vice  president  of 
marketing. 

He  notes  that  AVDL,  which  OASIS  is 
expected  to  approve  next  month,  likely  will 
evolve  to  include  use  of  digital  signatures 
—  a  way  to  verify  the  identity  of  the  sender. 

Not  all  patch  management  vendors, 
though,  are  gung-ho  about  AVDL. 

For  example,  PatchLink  this  week  is  ex¬ 
pected  to  introduce  Version  6.0  of  its  Up¬ 
date  product,  which  handles  patch  distrib¬ 
ution  across  multiple  remote  offices  from  a 
central  point.  The  vendor  has  no  immedi¬ 
ate  plans  to  add  AVDL  support. 

PatchLink’s  scanning  tool  shares  data 
with  its  patch-updating  product,  says  Chris 
Andrews,  vice  president  of  product  man¬ 
agement.  “AVDL  could  be  something  wed 
do  in  the  future,  though,”  he  adds. 

Proof  of  identity 

Another  topic  that  will  be  front  and  cen¬ 
ter  at  the  conference  is  dealing  with  the 
ever-thornier  problem  of  user  identity. 
While  simple  passwords  are  used  for  many 
networks  and  applications,  they  can  be 

See  RSA,  page  20 
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■  Good  Bad  Ugly 


AOL,  EarthLink  sue  spammers 

■  Two  major  ISPs,  AOL  and  EarthLink,  have  filed  civil  complaints 
against  two  alleged  spam  rings  in  an  attempt  to  save  their  sub¬ 
scribers  from  unwanted  commercial  e-mail.  AOL  is  seeking  an 
injunction  against  further  unwanted  e-mail,  $1.6  million  in  statu¬ 
tory  damages  plus  other  damages.  AOL  has  been  investigating 
the  Florida  defendants  since  January  2003,  the  company  said. 
The  more  than  35  million  spam  e-mails  cited  in  AOL’s  lawsuit 
generated  approximately  1.5  million  complaints  from  AOL  mem¬ 
bers.  Defendants  include  Connor-Miller  Software,  in  Winter 
Garden,  Fla.,  two  officers  of  the  company,  James  Connor  and 
Charles  Henry  Miller  Jr.,  and  Miller’s  wife,  Heidi.The  company  did 
not  immediately  respond  to  a  request  for  comment.  In  a  separate 
action,  EarthLink  filed  a  new  complaint  in  a  legal  action  against 
what  it  called  a  multi-state  spam  ring. The  16  individuals  and  cor¬ 
porations  sent  out  more  than  250  million  illegal  spam 
e-mails,  EarthLink  says. 

Groups  advancing  UWB  momentum 

■  The  wireless  technology  called  ultrawideband  got  a  boost  last  week  at  the  Intel 
Developer  Forum  when  UWB  proponents  revamped  one  industry  group  and  launched 
another. The  Multi-Band  OFDM  Alliance, a  loose-knit  collection  of  more  than  70  UWB  sil¬ 
icon,  software,  network  and  consumer  electronics  vendors,  reconstituted  itself  formally 
as  a  special  interest  group. The  special  interest  group  will  set  out  governance  bylaws  and 
procedures,  especially  around  the  use  of  intellectual  property  for  the  multi-band 
orthogonal  frequency  division  multiplexing  technology  that  its  members  are  backing 
for  UWB  networking. The  group  will  publish  a  specification  in  May,  and  members  will 
start  building  products.  One  specification  user  will  be  the  newly  formed  Wireless  USB 
Promoter  Group,  which  includes  Agere  Systems,  HP  Intel,  Microsoft,  NEC  and  others,  all 
with  a  stake  in  converting  today’s  widely  used  USB  PC  interface  into  a  480M  bit/sec  wire¬ 
less  connection  based  on  UWB.  First  products  likely  are  due  in  early  2005. 


COMPENDIUM 

No  more  server  monitoring  woes 

"The  amazing  Linux  Duracelt  CPU  load  monitor"  shows  how  to  build  a  simple  device 
to  monitor  servers  using  the  skins  of  AA 
batteries  that  come  with  built-in  power 
monitors.  See  how  to  skin  a  battery  at 
www.nwfusion.com,  DocFinder:  9883. 


<y>  Built  for  speed.  Eddie  Bauer, 

J.C.  Penney,  Office  Depot,  Target  and 
Wal-Mart  are  tops  among  retailers  for 
having  the  speediest  Web  sites,  according 
to  a  new  Keynote  Systems  e-commerce 
survey.  These  sites  averaged  a  little 
less  than  12  seconds'  response  time 
for  the  multiple  steps  involved  in  a  typical 
transaction  vs.  nearly  40  seconds  for 
the  worst  sites,  according  to  Keynote. 


Office 
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<2>  Warning  shot  Microsoft  has  mailed  a  raft  of  warning  letters  to  Web  site 
operators  who  have  posted  unauthorized  copies  of  Windows  2000  and  Windows  NT 
40  source  code.  The  letters  maintain  that  such  posts  violate  copyright  and  trade- 
secret  law.  So  far  Microsoft  is  asking  politely  that  the  code  be  removed ...  but 
the  company  has  made  it  clear  that  sterner  action  will  be  forthcoming  for  those  who 
fail  to  comply. 


Not  kidding  around.  The  Federal  Trade  Commission  has  settled  with 
two  Web  site  operators  charged  with  violating  the  Children's  Online  Privacy  Protection 
Act,  netting  the  agency’s  largest  civil  penalty  yet  under  the  rule.  Bonzi  Software 
and  UMG  Recordings  were  accused  of  collecting  personal  information  from  children 
online  without  their  parents'  consent,  and  settled  for  $75,000  and  $400,000, 
respectively. 


Ciena  snaps  up  Catena,  Internet  Photonics 

■  Ciena  last  week  agreed  to  pony  up  $636  million  for  broadband-access  equipment 
maker  Catena  Networks  and  carrier-grade  optical  Ethernet  vendor  Internet  Photonics. 
The  Catena  deal  will  bring  Ciena  products  that  traditional  phone  carriers  are  likely  to 
buy  to  deliver  broadband  services  such  as  DSL  and  fiber-to-the-curb  or  fiber-to-the- 
home.  Internet  Photonics’  gear  is  aimed  at  cable  operators  and  potentially  phone  com¬ 
panies  to  deliver  Ethernet  services  that  include  voice,  video  and  data  on  one  connec¬ 
tion.  Ciena’s  CEO  Gary  Smith  says  the  purchase  of  Catena  will  give  his  company  access 
to  more  customers  and  also  to  products  that  let  carriers  offer  triple-play  —  integrated 
voice,  video  and  data  —  services.  Internet  Photonics’  equipment  lets  cable  operators 
offer  the  same  triple-play  services,  Smith  says. 

Server  management  spec  gets  makeover 

■  Dell,  HP  Intel  and  NEC  last  week  announced  Version  2.0  of  the  Intelligent  Platform 
Management  Interface  specification,  technology  to  help  users  manage  servers.  IPMI  2.0 
adds  several  features,  including  new  authentication  and  encryption  algorithms,  serial 
over  LAN  for  remote  interaction  with  serial-based  applications,  a  firmware  firewall  and 
new  user  logon  and  configuration  options,  the  companies  behind  IPMI  said  in  a  state¬ 
ment  released  at  the  Intel  Developer  Forum  in  San  Francisco. Version  2.0  of  IPMI  is  back¬ 
ward  compatible  with  IPMI  1.5,  which  is  currently  supported  in  servers  from  many  ven¬ 
dors,  including  Dell,  HP  and  NEC.The  specification  defines  interfaces  that  let  network 
managers  receive  status  alerts  and  send  instructions  to  industry-standard  servers  and 
run  diagnostics  over  a  network  instead  of  locally  at  the  server,  the  IPMI  backers  said. 

Lindows  forced  to  back  down  in  Europe 

■  Following  court  orders  barring  the  Lindows  name,  Linux  vendor  Lindows.com  has 
changed  its  name  in  several  European  countries  to  Lin — s,  pronounced  Lindash.  By 
changing  its  name,  Lindows.com  can  continue  to  offer  its  desktop  Linux  product  to  cit¬ 
izens  of  those  countries  where  Microsoft  won  injunctions  banning  the  Lindows  name, 
Lindows.com  said  in  a  statement  last  week.  A  new  Web  site  has  been  created  especially 
for  people  in  Belgium, the  Netherlands, Luxembourg  and  Sweden.Lindows.com  said. An 
Amsterdam  District  Court  judge  ruled  in  late  January  that  Lindows.com’s  use  of  the 
terms  Lindows,  LindowsOS  and  Lindows.com  violated  the  Benelux  Merkenwet,  the 
branding  law  for  Belgium,  the  Netherlands  and  Luxembourg  (Benelux).  Lindows  looks 
too  much  like  Microsoft’s  Windows,  the  judge  found. 


Can  your  network  turn 
business  as  we  k,now  it  into 

/  business  as  we  want  it? 

— . 

/  T 


IT  CAN  IF  IT’S  DESIGNED  BY  THE  WORLD’S  NETWORKING  COMPANY.  Now  that  everything  is  on  it,  your  network  is  more  important 
than  ever.  So,  can  your  network  handle  the  demands  of  a  transformed,  interconnected  and  very  demanding  new  world?  Is  it 
wired  and  wireless  and  virtual  and  constantly  available  to  authorized  personnel  and  nobody  else?  Is  it  in  lockstep  with  your 
partners  and  three  steps  ahead  of  your  customers?  At  AT&T,  we  don’t  just  carry  more  Internet  traffic  than  anyone  in  North 
America,  we’re  also  committed  to  building  simpler,  stronger  and  smarter  networking  environments.  And  it’s  why  we’re  partnering 
with  other  key  technology  companies  to  help  make  it  happen.  Can  your  network  overpower  every  obstacle  in  its  way  and  actually 
do  all  the  things  it  was  designed  to  do  in  the  first  place?  We’d  like  to  introduce  you  to  one  that  can.  Just  call  1-888-889-0234. 


AT&T 

The  world's  networking  company5* 


att.com/networking 
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Enterasys  floats  its  LAN  security  plan 


IIThe  problem  with  enterprise 
security  is  at  the  [LAN]  edge  -  the 
physical  jack  on  the  wall.  Security 
needs  to  extend  down  to  the  user 
onaper-port  level.  1 9 

Mark  Aslett 

President,  Enterasys  Networks 


■  BY  PHILHOCHMUTH 

Enterasys  Networks  this  week 
will  unveil  its  strategy  for  locking 
down  enterprise  LANs,  which 
involves  new  and  existing  prod¬ 
ucts  and  partnerships  with  enter¬ 
prise  security  vendors. 

The  Dynamic  Intrusion  Re¬ 
sponse  System  (DIRS)  is  Entera¬ 
sys’  blueprint  for  integrating  intru¬ 
sion  detection  with  LAN  switch¬ 
ing.  DIRS  creates  an  infrastructure 
that  can  identify  malicious  traffic 
and  quarantine, or  shut  down, sus¬ 
picious  user  network  connec¬ 
tions,  the  company  says. 

With  its  DIRS  push,  Enterasys 
also  is  taking  aim  at  Cisco,  which 
announced  its  Network  Admis¬ 
sion  Control  (NAC)  program  last 
fall.  NAC  works  with  third-party 
security  products  to  automate 
shutdown  or  quarantining  of  sus¬ 
picious  network  traffic  on  Cisco 
switches  and  routers. 

On  the  new-product  front,  Enter¬ 


asys  is  launching  the  NetSight 
Atlas  Automated  Security  Man¬ 
ager,  a  software  module  for  its 
NetSight  Atlas  network  and  policy 
management  platform,  that  will 
incorporate  intrusion  detection 
with  mechanisms  in  network 
gear  that  can  enforce  network 
polices.  This  will  let  suspicious 
traffic  be  redetected,  slowed  or 
blocked  under  user-defined  cir¬ 
cumstances,  according  to  Enter¬ 
asys.  The  Automated  Security 
Manager  will  draw  intrusion- 
detection  information  from  Enter¬ 
asys’  Dragon  brand  of  intrusion- 
detection  system  (IDS)  server 
software  and  appliances. 

Meanwhile,  Lucent  Professional 
Services,  the  consulting  arm  of 
Lucent,  will  sell  and  install  the 
company’s  DIRS-based  products. 
This  group,  which  has  11,000 
employees  and  about  2,350  carri¬ 
er  and  enterprise  customers,  gen¬ 
erated  $1.8  billion  in  revenue  for 
Lucent  in  2003.  Enterasys  and 


Lucent  also  will  work  on  co¬ 
developed  security  products, 
Enterasys  says. 

Using  switches  as  a  stopgap  dur¬ 
ing  security  outbreaks  became  a 
practice  last  fall  at  the  College  of 
William  and  Mary  in  Williams¬ 
burg, Va. 

“When  Nachia  and  Welchia 
[viruses]  first  hit  us,  the  ability  to 
enforce  polices”  at  the  [LAN] 
edge  was  crucial,  says  Scott  Fen- 


stenmacher,  network  manager  at 
the  college,  which  has  Enterasys 
N  Series  switches  at  the  LAN  edge 
and  NetSight  Atlas  Policy 
Manager  installed. 

These  viruses,  which  used  the 
Trivial  File  Transfer  Protocol 
(TFTP)  to  replicate,  easily  were 
shut  down.Fenstenmachersays.A 
network  policy  on  TFTP  traffic 
patterns  was  downloaded  to  the 
Enterasys  switches,  which  shut 


Planets  not  aligned  for  Microsoft  suite 


Change  of  plans 

Microsoft  is  dropping  plans  to  combine  three 
e-business  servers  into  a  product  called  Jupiter.  The 
plan  now  is  to  offer  the  servers  separately  under  the 
Windows  Server  System  banner  and  let  users  do  the 
integration. 
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■  BY  JOHN  FONTANA 

End  users  say  Microsoft’s  failed 
plan  to  blend  its  portal  and  integra¬ 
tion  software  was  nothing  more 
than  a  bloated  package  that  would 
have  forced  them  to  pay  for  soft¬ 
ware  they  don’t  need  or  want. 

Last  week  the  company  quietly 
scrapped  its  Jupiter  suite,  which 
was  to  combine  BizTalk  Server, 

Content  Management  Server  and 
Commerce  Server  into  one  prod¬ 
uct.  The  group  of  products  forms 
the  backbone  of  Microsoft’s  e-busi- 
ness  server  lineup. 

Introduced  to  much  fanfare  just 
over  a  year  ago,  the  suite  was 
designed  to  run  on  Windows  Server 
2003,  integrate  with  Visual  Studio 
.Net  development  tools  and  com¬ 
pete  with  Java-based  middleware 
bundles  from  BEA  Systems  and  IBM  for  sup¬ 
porting  content-rich,  process-driven  business 
applications. 

Microsoft  says  it  couldn’t  generate  end-user 
interest  in  the  stack  of  tools.  In  addition, 
Jupiter  could  have  created  licensing  issues 
and  other  headaches  while  not  providing 
much  benefit  over  buying  the  tools  separately, 
end  users  say. 

“Jupiter  was  vague, and  I’ve  never  had  some¬ 
one  ask  me  to  check  into  it,”  says  John  Kretz, 
president  of  Enlightened  Fbint  Consulting 
Group,  a  systems  integrator  in  Phoenix.“I  think 
the  feeling  has  been:  Don’t  integrate  these  into 
one  package  and  charge  me  for  what  1  don't 


need  or  want."  He  says  Microsoft’s  backtrack¬ 
ing  points  to  a  trend  he’s  seen  over  the  past 
year,  where  customers  are  no  longer  worried 
about  telling  Microsoft  how  they  feel. 

Others  agree  that  Microsoft  finally  con¬ 
cluded  Jupiter  was  off  target. 

“They  realized  they  were  doing  a  force-fit 
and  giving  companies  something  they  didn’t 
need,” says  Eric  Austvold.an  analyst  with  AMR 
Research.  He  says  many  companies  start  out 
with  a  small  project  and  grow  their  integration 
and  portal  infrastructure  piece  by  piece. 

“Customers  have  told  us  that  they  want  to 
buy  these  two  pieces  separately  —  portal  and 
integration  —  so  we  have  re-adjusted,”  says 


Steven  Martin,  lead  product  man¬ 
ager  for  the  e-business  server 
team  at  Microsoft.  But  Martin  says 
the  goal  of  offering  a  platform 
that  includes  both  pieces  is 
unchanged.  He  says  what  has 
changed  is  how  it  will  be  deliv¬ 
ered. 

In  a  letter  sent  to  customers 
and  business  partners  last  week, 
Microsoft  said  Jupiter’s  goals 
would  “be  realized  through  the 
Windows  Server  System,  an  effort 
that  aims  to  better  integrate  all  of 
our  server  technologies.” 

Just  how  the  Jupiter  servers  will 
be  better  integrated  is  still  on  the 
drawing  board,  Martin  says.  The 
company  has  been  focused  on 
Web  services  standards  as  the 
method  for  integrating  its 
servers,  clients  and  devices. 

Despite  Jupiter’s  demise,  the  first  phase  of 
the  project,  BizTalk  Server  2004,  will  ship  next 
week  and  include  support  for  the  Business 
Process  Execution  Language  for  Web  Ser¬ 
vices,  integration  with  InfoPath  and  Excel,  sin¬ 
gle  sign-on  features,  and  new  workflow  and 
business  rules  engines.  The  second  phase  of 
Jupiter,  tagged  Discovery  focuses  on  integrat¬ 
ing  BizTalk  Server  2004  with  Content  Man¬ 
agement  Server  and  Commerce  Server.  The 
timing  on  the  next  versions  of  those  servers  is 
has  not  been  announced,  but  last  fall 
Microsoft  aligned  Content  Management 
Server  with  ShareFbint  Fbrtal  Server  under  the 
Information  Worker  group.  ■ 


down  TFTP  traffic  that  has  a  pat¬ 
tern  matching  the  behavior  of  the 
viruses.  Network  connections  of 
infected  users  were  cut  off  at  the 
port,  and  administrators  were 
notified  of  the  events. 

Enterasys’  DIRS  architecture 
includes  NetSight  Atlas  Policy 
Manager,  Dragon  IDS  and  LAN 
switches.  Together  these  devices 
and  applications  can  identify  bad 
traffic  types,  and  rate  limit  or  shut 
down  flows  based  on  802. lx 
technology  at  the  port  level. 
Policies  also  can  be  configured  in 
the  system  to  route  suspicious 
traffic  to  secured  segments  of  the 
network  —  which  Enterasys  users 
sometimes  call  penalty  boxes. 

This  type  of  security  capability 
built  into  basic  infrastructure 
boxes,  such  as  switches,  provides 
more  filters  on  an  enterprise  net¬ 
work  than  stand-alone  security 
products, says  Enterasys  President 
Mark  Aslett. 

“Adding  stand-alone  security 
appliances  to  secure  the  LAN 
infrastructure  is  not  really  taking 
an  active  posture”  regarding 
enterprise  security  he  says. 

Enterasys  also  is  announcing 
its  Secure  Networks  Certified 
Partner  Program  so  DIRS-en- 
abled  switches  and  policy  serv¬ 
ers  can  communicate  with  prod¬ 
ucts  from  other  firewall,  anti¬ 
virus  and  IDS  vendors.  This  pro¬ 
gram  initially  will  include 
Lucent,  with  its  VPN  Firewall 
Brick  product,  says  Enterasys 
CTO  John  Roese. Other  Enterasys 
security  partners  such  as  Check 
Point,  Sygate. Technologies  and 
Zone  Labs  will  follow  later  this 
year,  he  adds. 

Aslett  says  his  company  has  a 
jump  on  Cisco’s  competing  NAC 
technology  because  much  of  the 
technology  behind  DIRS  has 
been  in  place  for  years.  NAC  tech¬ 
nology,  due  to  be  delivered  later 
this  year. 

“A  majority  of  enterprises  don’t 
want  to  deploy  another  client 
piece  of  software  on  the  desk¬ 
tops,”  Aslett  says,  referring  to  Cisco 
Security  Agent  client  software, 
required  to  authenticate  users  to  a 
NAC-enabled  Cisco  infrastructure. 

“If  you  look  at  what  Cisco’s 
doing  with  NAC  . . .  they’re  target¬ 
ing  desktop  clients.  The  problem 
with  enterprise  security  is  at  the 
[LAN]  edge  —  the  physical  jack 
on  the  wall.  Security  needs  to 
extend  down  to  the  user  on  a  per- 
port  level,”  he  says. 

Cisco  declined  to  comment  on 
the  Enterasys  announcement.  ■ 


A  NETWORK  OUTAGE  THREATENS 
TO  SHUT  DOWN  GLOBAL  DISTRIBUTION 
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CAN  YOUR  SOFTWARE  KEEP  BUSINESS  FROM  DISAPPEARING? 


Business  Service  Management  solutions  from 
BMC  Software®  can.  In  fact,  they  let  you  predict 
critical  performance  problems  and  resolve  them 
before  they  ever  impact  your  business.  And  you 
can  prioritize  IT  management,  investments  and 
resource  allocations  to  optimize  your  business 
performance.  So  you  can  solidly  align  your  IT 
investments  with  strategic  business  goals. 


©  2004  BMC  Software  Inc. 


And  protect  the  delivery  of  vital  business  services 
like  sales,  customer  service,  online  transactions, 
logistics  and  distribution — whatever  is  most 
critical  to  your  company's  success.  It's  enterprise 
management  software  that  works  with  your  existing 
IT  resources  to  let  you  manage  what  matters  from 
a  business  perspective  and  execute  with  precision. 
Find  out  how  at  www.bmc.com/bsm35 
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Gingular,  AT&T  Wireless  face  hurdles 


■  BY  DENISE  PAPPALARDO  AND 
JIM  DUFFY 

Wireless  giant  it  will  be,  but  the 
combination  of  Cingular  and 
AT&T  Wireless  will  need  to 
improve  customer  service  and 
articulate  —  then  execute  —  a 
clear  network  integration  plan 
before  it  will  truly  frighten  com¬ 
petitors,  experts  say 

Last  week  Cingular  Wireless 
announced  plans  to  acquire 
AT&T  Wireless  for  $41  billion  and 
the  assumption  of  $6  billion  in 
debt.  The  joined  companies  will 
have  46  million  customers  with 
$32  billion  in  revenue  based  on 
year-end  figures.  Although  the 
new  Cingular  will  be  bigger  than 
its  next-largest  competitor — Veri¬ 
zon  Wireless, with  37.5  million  cus¬ 
tomers  —  this  initially  might  be  a 
case  where  bigger  is  not  better. 

Merger  aside,  the  challenges  are 
no  secret. 

Last  year,  AT&T  Wireless  and 
Cingular  lost  more  customers 
than  competitors  Nextel,  Sprint 
PCS,  T-Mobile  and  Verizon  Wire¬ 
less.  Cingular  has  to  find  a  way  to 
stem  the  exodus  as  it  absorbs 
AT&T  Wireless.  According  to  a 
report  published  by  consulting 
firm  Mobile  Competency,  Cing- 
ular’s  quarterly  churn  rate  in  2003 
averaged  2. 7%. The  company  lost 
nearly  one-third  of  its  customers 
last  year.  AT&T  Wireless  wasn’t  far 
behind,  with  quarterly  churn  rates 
averaging  2.6%. 

Average  churn  at  Nextel  Com¬ 
munications  last  year  was  1.6% 
and  1.8%  at  Verizon  Wireless. 

Why  are  AT&T  and  Cingular 
having  trouble  holding  on  to  cus¬ 
tomers?  Because  of  “poor  cus¬ 
tomer  service,  spotty  coverage 
and  a  difficult  transition  from  one 
network  technology  to  another;” 
says  Bob  Egan,  president  of 
Mobile  Competency  in  a  report. 

Egan  points  out  that  combining 
the  companies  doesn’t  erase  their 
problems,  but  rather  “will  only 
exacerbate  them.” 

As  each  company  operates  sep¬ 
arately  over  the  next  10  months, 
both  should  seriously  address 
customer  service  issues,  from  net¬ 
work  coverage,  service  quality 
and  billing  problems,  experts  say. 
If  each  has  not  reduced  customer 
defections  before  the  merger,  it 
will  be  that  more  difficult  to  do  so 
once  the  new  Cingular  integrates 
services  and  platforms. 

While  AT&T  Wireless  and 
Cingular  like  to  focus  on  their 
GSM  networks,  both  still  operate 


Not  an  easy  fit 

Challenges  facing  Cingular  and  AT&T  Wireless  as  they 
attempt  to  join  forces  include: 

•:  Integrating  multiple  networks  based  onTDMA,  GSM  and  EDGE. 

•  Improving  customer  service,  an  area  in  which  both  have  struggled. 

•  Reducing  customer  churn  rates. 

•  Proving  to  business  users  —  not  just  Wall  Street  —  that  the 
merger  is  good  for  customers. 

•  Sorting  through  various  marketing  arrangements  that  each  has 
with  other  carriers. 


legacy  Time  Division  Multiple 
Access  networks  throughout  the 
U.S.  That’s  four  different  networks 
and  even  more  billing  systems 
that  will  have  to  be  integrated. 
“Merging  these  networks  together 
will  be  more  complex  than  previ¬ 
ous  merger  attempts  undertaken 
by  most  carriers,”  according  to  a 
report  from  Current  Analysis. 

Experts  say  the  carriers  are  deal¬ 
ing  with  too  many  networks  and 
back-office  systems  to  provide  for 
a  smooth  network  transition. 

Despite  a  predicted  dicey 
beginning,  the  joined  companies 
should  be  able  to  offer  customers 
stronger  geographic  coverage. 
Cingular  says  that  with  AT&T 
Wireless’  network  reach  it  will 
have  service  coverage  in  97  of  the 
top  100  markets.  It  has  services  in 
87  of  those  markets  today.  The 
report  from  Current  Analysis  says, 
“the  additional  spectrum  will 
help  improve  overall  quality  of 
service  as  it  will  reduce  the  likeli¬ 
hood  of  dropped  calls.” 

One  additional  bright  spot  for 
Cingular  and  its  customers  is  that 
AT&T  has  a  wireless  data  service 
in  place. 

“Wireless  data  is  somewhere 
between  a  placeholder  and  a  big 
void  for  Cingular,”  says  Roger 
Entner,  an  analyst  at  The  Yankee 
Group.  It  would  make  the  most 
sense  if  Cingular  rolled  out 
AT&T’s  mMode  wireless  service 
to  all  of  its  customers  once  the 
deal  goes  through,  he  says. 

Although  neither  carrier  has 
push-to-talk  service  today  both  are 
working  with  Ericsson  and  Nokia 
to  get  this  service  up  and  running. 
Because  they  use  the  same  ven¬ 
dors  it’s  more  likely  that  the  ser¬ 
vices  will  interoperate  after  the 
merger,  Entner  says. 

One  benefit  of  the  deal  that 
might  be  felt  throughout  the  busi¬ 
ness-user  community  is  price 
reductions. 

“Everyone  will  continue  to  see 
declines  in  prices,”  Entner  says. 
“Not  necessarily  as  quickly  as  in 


the  past,  where  we  saw  20%  to 
25%  [price  declines]  per  year,  but 
we  should  still  see  prices  decline 


in  the  teens.” 

Even  though  this  merger  is 
expected  to  be  the  first  of  several 
big  deals  that  could  shrink  the 
number  of  big  national  carriers 
from  six  to  perhaps  three  over  the 
next  few  of  years,  everyone  is  still 
fighting  for  a  bigger  piece  of  the 
market. 

As  both  Vodafone  and  NTT 
DoCoMo  lost  on  their  bids  for 
AT&T  Wireless,  it’s  still  possible 
both  will  look  to  acquire  a  do¬ 
mestic  wireless  provider. 
T-Mobile  seems  the  most  likely  be¬ 
cause  it’s  the  only  other  GSM  pro¬ 
vider  besides  AT&T  Wireless  and 


Cingular  left  of  the  big  six.  But 
according  to  press  reports, 
Deutsche  Telekom, T-Mobile s  par¬ 
ent,  isn’t  selling.Then  there  is  Nex¬ 
tel,  which  has  no  ties  to  any  U.S. 
provider  because  its  network  is 
based  on  a  proprietary  Motorola 
technology 

Analysts  have  speculated  that 
Verizon  Wireless  might  seek  out 
Sprint  PCS  or  smaller  national 
player  Alltel  to  expand  its  cus¬ 
tomer  base  and  revenue. 

Cingular’s  acquisition  is  subject 
to  regulatory  approval,  but  execu¬ 
tives  say  they  expect  it  to  close  by 
year-end.  ■ 


Veritas  bolsters  storage  mgmt 


■  BY  DENI  CONNOR 

Veritas  Software  this  week  is  set  to 
announce  management  and  virtu¬ 
alization  software  that  the  company 
says  will  help  customers  more  easi¬ 
ly  manage  and  allocate  network 
storage  capacity 

The  Veritas  Storage  Foundation 
4.0,  formerly  called  the  Veritas 
Foundation  Suite  3.5,  implements 
new  features,  including: 

•  Online  file  migration,  which  lets 
out-of-date  or  unused  files  be 
moved  automatically,  based  on 
rules. 

•  Provisioning  templates  that 
storage  administrators  can  use 
to  allocate  new  storage. 

•  Dynamic  multipathing, 
which  spreads  data  across 
multiple  paths  between 
servers  and  storage  for 
increased  performance  and 
fault  tolerance. 

•  Portable  data  containers 

that  let  data  be  moved  among  servers  using  different 
operating  systems. 

•  Enhancements  to  its  FlashSnap  product  that  lets 
snapshots  of  volumes  and  file  systems  be  taken  so 
data  can  be  recovered  quickly. 

Steve  Rubinow,  CIO  for  Archipelago,  an  electronic 
stock  exchange  in  Chicago,  uses  Veritas  Foundation 
Suite.“Dynamic  multipathing  is  a  big  deal  for  us,”  he 
says.“We  are  always  very  concerned  about  the  num¬ 
ber  of  paths  we  have  to  data  for  performance  rea¬ 
sons.  It’s  basic  for  redundancy,  but  essential  for  per¬ 
formance.  We  find  ourselves  looking  at  some  of  the 
things  we’ve  configured  and  saying  there’s  a  poten¬ 
tial  for  a  bottleneck  here  if  things  get  hot  and  heavy’ 

Rubinow  isn’t  certain  that  he  would  trust  provi¬ 
sioning  more  storage  to  an  automatic  template. 

“There’s  a  part  of  us  that  says  the  automatic  provi¬ 
sioning  is  a  really  cool  feature  but  it  makes  us  a  little 
bit  nervous  if  it  doesn’t  work  properly”  he  says. 

Analysts  disagree. 

“Storage  Foundation  has  five  major  new  features,” 
says  Jamie  Gruener,  senior  analyst  for  The  Yankee 


Storage  Foundation  Suite 

One  new  feature  lets  administrators  automatically 
migrate  out-of-date  information  from  one  disk  to  another. 


Window  shows  size  of  the  volume 
and  how  much  capacity  is  utilized. 


Administrator 
selects  File  Systems 
for  which  he  wants 
to  modify  the  disk 
volume  capacity- 
reallocation  policy. 


Administrator  can  change  the  policy  and  can 

affect  how  data  is  migrated  between  volumes. 
_ ✓ 

Group.“The  ones  that  are  important  are  the  pro¬ 
visioning  templates  so  you  have  a  consistent 
way  of  dealing  with  data.The  second  big  thing  is  the 
online  file  migration,  which  lets  you  migrate  files 
from  a  high-performance  array  to  Serial  [Advanced 
Technology  Attachment]  or  something  else  by  pol¬ 
icy  —  it’s  the  functionality  you  would  want  if  you 
were  doing  information  lifecycle  management.” 

Although  Veritas’  Storage  Foundation  is  not  the 
only  product  with  these  capabilities,  it  is  the  only 
one  in  a  single  package. 

Other  vendors,  such  as  EMC  and  start-ups  AppIQ 
and  Stonefly,  offer  storage  provisioning.  EMC  and 
IBM  also  have  products  that  do  policy-based  data 
migration.  Sun  offers  its  Universal  File  System  and 
incorporates  volume-management  capability  into 
the  Solaris  operating  system,  but  has  no  provisions 
for  data  migration. 

Storage  Foundation  works  on  Solaris,  HP-UX,  A1X, 
Linux  and  Windows-based  servers.  The  software  is 
priced  starting  at  $2,500.  An  Enterprise  Edition, 
which  includes  the  online  file  migration,  FlashSnap 
capability  and  support  for  the  Veritas  Volume 
Replicator,  starts  at  $4,700.  ■ 


The  new  HP  ProLiant  DL140,  powered  by  the  Intel  Xeon™  processor,  delivers  the  expandable  performance  your  workload 

demands.  Now  you  can  get  the  ProLiant  reliability  you  expect  at  a  price  you  might  not— and,  through  February  29,  you'll  get  double  the  memory  for  free.  HP's  newest 
server  is  designed  with  the  latest  industry-standard  technologies  to  keep  it  affordable,  easy  to  set  up,  integrate  and  maintain.  The  reliable,  hardworking  DL140  helps  you 
spend  more  time  focusing  on  your  business  and  less  time  serving  your  server.  Demand  more  of  what  you  need.  Demand  a  server  that's  powerfully  simple  and  HP 
dependable.  Demand  it  for  less  from  HP. 


HP  ProLiant  DL140 
SERVER 

with  Free  Double  Memory 

$1,149 

One  Intel®  Xeon™  processor  2.40GHz 
(upgradable  to  2) 

1 GB  SDRAM  for  the  price  of  5 1 2MB 
(upgradable  to  4GB) 

80GB  ATA  Hard  Drive* 

Integrated  Dual  10/100/1000  NICs 

One  PCI-X  64-bit/133MHz  slot 

Standard  Quick  Deployment  Rails 

1-Year  Limited  Global  Warrantyt 


invent 


To  find  out  more,  visit  www.hp.com/go/hp5  or  call  1-800-888-5814. 


Otter  available  when  bought  direct  Iran  HP  or  from  participating  authorized  resellers  Prices  shown  are  HP  direct  prices;  reseller  and  retailer  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  taxes  or  shipping  to  recipient's  destination.  HP  is  not  haoie  tor  edit'..  .  p.  .  .  - 

typographical  errors  in  tt«s  advertisement  Photography  may  not  accurately  represent  exact  configurations  priced  Otters  cannot  be  combined  with  any  other  otter  or  discount  and  are  good  while  supplies  last.  Limited  order  quantities.  Pranxitioris  void  where  prohibited  or  restricted  by  law  'For  hard  drives.  GB^Driiioritr,'* 

restrictions  and  exclusions  may  apply  For  complete  warranty  details,  call  1  -800-345-1518  <U.S.)  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2004  Hewlett-Packard  Development '  imce' ,  :  > 
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Vendors  remain  a  step  behind  spam 

CAN-SPAM  appears  to  be  doing  little  to  alleviate  the  problem  either. 


■  BY  CARA  GARRETSON 

Despite  a  new  federal  law,  junk 
e-mail  shows  no  signs  of  slowing, 
which  means  anti-spam  vendors 
must  constantly  update  their  pro¬ 
ducts  to  keep  pace  and  preserve 
any  hope  of  distinguishing  them¬ 
selves  in  an  overcrowded  market. 

The  amount  of  spam  sent  in 
January  actually  increased  over 
November  and  December,  accor¬ 
ding  to  messaging  company 
SurfControl,  which  analyzes  8,000 
to  10,000  e-mails  daily  It  appears 
spammers  aren’t  taking  seriously 
the  CAN-SPAM  law  that  took 
effect  Jan.  1:  Less  than  1%  of  bulk 
e-mail  sent  this  year  complies 
with  CAN-SPAM,  according  to 
anti-spam  vendor  Commtouch. 

That  early  track  record  rein¬ 
forces  the  view  held  by  some  ex¬ 
perts  that  only  technology  will 
be  able  to  protect  companies 
from  unwanted  e-mail. While  this 
creates  a  solid  business  opportu¬ 
nity  for  anti-spam  vendors,  it  also 
forces  those  vendors  to  spend 
untold  research  and  develop¬ 
ment  dollars. 

“It’s  definitely  an  arms  race,” 
says  Matthew  Prince,  CEO  of  anti¬ 
spam  consulting  firm  Unspam. 
The  rise  in  volume  of  spam  cor¬ 
responds  one-to-one  with  e-mail 
filtering:  As  more  filters  are  put 
into  place,  spammers  crank  up 
the  volume  of  spam.” 

Vendors  also  are  forced  to 
strike  a  balance  between  block¬ 
ing  spam  and  ensuring  that 
wanted  e-mail  isn’t  trapped  by 
their  filters  —  a  balance  not  all 
are  managing  well. 

“They  have  to  make  sure  what¬ 
ever  they  do  is  not  overinclusive,” 
Prince  adds.  “Filter  vendors  want 

\  I  / 
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■  THIS  WEEK’S  QUESTION: 

Which  wireless  carrier 
was  originally  named 
Fleet  Call? 


Stumped?  Get  the  answer  online. 
Visit  Network  World  Fusion  and  enter 
2349  in  the  Search  box. 


Catching  up  with  spam 

With  federal  legislation  not  getting  the  job  done  thus  far,  it  seems  users  will  have  to 
depend  on  technology  to  thwart  junk  e-mail.  Here  are  some  recent  anti-spam  product 
announcements: 


Company 

Product 

Description 

Availability 

Price 

Sophos 

PureMessage 

4.5 

Anti-spam 
gateway  software 

Now 

$7.43  per  user  up  to  1,999 
users;  beyond  2,000  volume 
discounts  apply. 

CipherTrust 

IronMail  4.0  S 
Series 

Anti-spam 
gateway  appliance 
for  SMB  market 

Now 

Starts  at  $9,500  for  up  to  250 
users,  $15,900  for  251  to  500 
users;  $19,990  for  500  to  1,000 

users. 

MailFrontier 

Enterprise 
Gateway  3.0 

Anti-spam 
gateway  software 

End  of  March 

$15  per  user,  per  year. 

to  make  sure  they’re  not  coming 
up  with  something  they  predict 
will  block  the  next  [spammer] 
trick  and  ends  up  blocking  the 
next  way  a  customer  wants  to 
communicate  with  a  company’ 

Today’s  anti-spam  industry  is 
much  like  the  anti-virus  industry 
of  a  few  years  ago,  when  many 
companies  invested  heavily  in 
developing  anti-virus  engines  as 
the  underpinning  of  their  prod¬ 
ucts,  says  Ralph  Pisani.vice  pres¬ 
ident  of  channel  and  business 
development  with  CipherTrust. 
However,  not  all  the  companies 
currently  selling  anti-spam  prod¬ 
ucts  can  continue  investing 
indefinitely. 

“Anti-spam  vendors  have  to 
look  at  the  problem  every  single 
day  and  come  up  with  some¬ 
thing  better  than  they  have 
today’ says  Masha  Khmartseva,  a 
senior  analyst  at  The  Radicati 
Group.  She  predicts  that,  much 
like  the  anti-virus  market,  the 
anti-spam  industry  will  consoli¬ 
date  into  a  few  key  players  over 
the  next  few  years. 

Many  organizations  have  come 
to  consider  anti-spam  filters  as 
important  as  anti-virus  protec¬ 
tion,  so  keeping  up  with  the  con¬ 
stant  churn  of  products  and  filter 
updates  is  viewed  as  a  necessity 
Anti-spam  protection  “is  the  same 
as  with  virus  protection,  which  is 
critically  important  to  us  on  the 
security  side,  so  we  update  signa¬ 
tures  every  day”  says  Rob 
Hempel,  IT  manager  at  the  Lex¬ 
ington  Convention  and  Visitors 
Bureau  in  Kentucky  The  bureau 
uses  spam  filters  found  in  Ip- 
switch’s  IMail  Messaging  server  to 
keep  unwanted  messages  to  a 
minimum.  However,  “we  don’t 
have  to  update  [spam  filters] 


quite  as  frequentlyso  it’s  not  quite 
[as  much  work]  as  with  viruses,” 
he  adds. 

Until  the  market  consolidates, 
anti-spam  vendors  will  continue 
to  upgrade  their  products  with  fil¬ 
ters  and  techniques  to  trap  the  lat¬ 
est  spam  campaigns  and  distin¬ 
guish  themselves  from  the  pack. 

CipherTrust  is  looking  to  court 
small  and  midsize  businesses 
with  a  version  of  its  IronMail  4.0 
gateway  appliance  aimed  at 
organizations  with  fewer  than 
1 ,000  users. 

The  anti-spam  appliance  is  de¬ 
signed  to  be  easy  to  set  up  and 
maintain,  with  all  of  the  security 
features  found  in  the  company’s 
enterprise  appliance,  minus  some 
Web  mail  protection  and  ad¬ 
vanced  encryption,  says  Matt 
Anthony  director  of  marketing. 

With  IronMail  4.0,  which  will  be 
sold  exclusively  through  Cipher- 
Trust  channel  partners,  the  com¬ 
pany  is  hoping  to  round  out  its 
user  base. “This  product  will  help 
us  grow  and  expand  our  compa¬ 
ny  and  reach  markets  we  can’t 
reach  on  our  own,”  CipherTrust’s 
Pisani  says. 

Another  appliance  maker,  Mira- 
point,  last  month  announced  a 
version  of  its  anti-spam  gateway 
product  aimed  at  the  same  mar¬ 
ket  segment. 

IronPort  Systems  is  pushing 
spam-fighting  standards  to  help 
distinguish  its  e-mail  gateway  pro¬ 
ducts.  The  company  last  week 
previewed  its  SenderBase  client, 
an  e-mail  forgery-detection  tool 
based  on  its  e-mail  sender  reputa¬ 
tion  service  that  uses  SMTPi  as  an 
underpinning.  SMTPi  is  an  indus¬ 
try  initiative  to  add  sender  identi¬ 
ty  and  reputation  information  to 
Simple  Mail  Transfer  Protocol, 


says  Pete  Schlampp,  IronPort’s 
director  of  product  management. 

Anti-virus  company  Sophos, 
which  last  fall  acquired  anti-spam 
vendor  ActiveState,  last  week  an¬ 
nounced  an  upgrade  to  its  Pure- 
Message  gateway  that  filters  mes¬ 
sage  streams  written  in  a  number 
of  European  languages.  Version 
4.5  also  includes  a  Web  interface 
that  lets  users  view  their  own 
quarantined  mail  folders  and 
manage  white  lists,  according  to 
Chris  Belthoff, senior  security  ana¬ 
lyst  with  Sophos.The  new  version 
works  with  the  Fbstfix  mail  trans¬ 
fer  agent  and  Sendmail. 

Software  maker  MailFrontier  last 
week  announced  its  upgraded 
Enterprise  Gateway  suite,  which 
includes  a  new  filter  for  detecting 
what  the  company  calls  scrabble- 
spam,  messages  that  include 
words  with  the  first  and  last  letters 
intact  but  the  interior  letters  mis¬ 
placed.  The  new  version  also 
detects  and  quarantines  fraudu¬ 
lent  e-mail.  ■ 


More  online! 

Messaging  is  in  crisis.  Ever-escalating 
e-mail  assaults  now  threaten  core  compe¬ 
tencies  of  even  the  most  sophisticated 
corporations.  Come  to  Network  World's 
Technology  Tour  on  messaging  and  spam 
to  find  solutions  that  ensure  network 
integrity,  user  productivity  and  return 
power  and  control  to  enterprise  network 
managers. 
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Vendors  jump  to  support  Intel's  64-bit  extensions 


■  BY  TOM  KRAZIT 

At  the  Spring  Intel  Developer  Forum 
last  week,  three  major  players  in  the  serv¬ 
er  market  pledged  their  support  to  the 
chip  with  64-bit  extensions  technology 
that  Intel  announced  it  will  release  next 
quarter. 

Dell,  HP  and  IBM  joined  Intel  Senior  Vice 
President  and  General  Manager  Mike 
Fister  on  stage  at  the  conference  to 
announce  they  would  release  systems 
based  on  the  Nocona  Xeon  processor 
when  Intel  makes  it  available.  For  HP  and 
Dell,  the  processor  will  be  their  first  with 
64-bit  extensions  to  the  x86  instruction 
set,  while  IBM  now  will  sell  servers  based 
on  Nocona  and  Advanced  Micro  Devices’ 
Opteron  chip. 

Intel  and  its  partners  said  they  had  been 
working  on  products  with  this  technology 
for  a  long  time,  and  last  week’s  announce¬ 
ment  is  the  culmination  of  that  work.  But 
AMD’s  Opteron  has  been  out  for  nearly  a 
year, and  HP  and  Dell  have  thus  far  passed 
on  the  chip. 

Dell  has  backed  the  idea  of  64-bit  exten¬ 
sions  for  more  than  a  year  but  waited  to 
introduce  a  product  because  it  didn’t  think 
Opteron  has  seen  enough  demand  outside 
of  the  high-performance  market,  says  Neil 
Hand,  director  of  worldwide  marketing  for 
Dell’s  enterprise  systems  group. 

HP’s  situation  is  more  complicated  be¬ 
cause  it  already  has  a  64-bit  strategy  with 
the  Itanium  processor.  “Customers  have  a 
good  idea  of  where  they  need  Itanium  and 
where  they  need  [extensions  technology] , 
and  they’ll  vote  with  their  feet,” says  Donald 
Jenkins,  vice  president  of  marketing  for 
business  critical  servers  at  HP 

Extensions  technology  is  a  step  toward 
64  bits,  and  as  workloads  grow  more  com¬ 
plicated  over  the  next  decade,  users  will 
need  the  more  compelling  performance 
Itanium  offers,  he  said. 

The  only  company  that  has  jumped 
onboard  with  both  Intel  and  AMD  is  IBM. 
Years  of  experience  with  a  broad  product 
portfolio  has  prepared  IBM  to  sell  similar 
products  to  its  customers,  says  Alex  Yost, 
director  of  product  marketing  for  IBM’s 
xSeries  servers.  For  example,  the  company 
sells  high-end  servers  based  on  Itanium 
and  its  own  Fbwer4+  chip,  he  says. 


More  online! 

Check  out  the  latest  roster  of  on-demand  Webcasts 
covering  network  management,  security,  remote 
access,  data  centers  and  much  more!  All  Webcasts 
offer  fully  searchable,  clickable  agendas. 

DocFinder  9660 


Customers  that  run  certain  applications 
will  have  a  better  experience  with  Op¬ 
teron,  while  Nocona  might  be  more 
applicable  for  a  different  type  of  cus¬ 


tomer,  Yost  says.  The  decision  to  sell  both 
products  benefits  end  users  who  now  can 
compare  the  two  products  side  by  side 
and  make  the  best  decision  for  their 


needs,  he  says. 

Krazit  is  a  correspondent  with  the  IDG 
News  Services  Boston  bureau. 


FIREPASS* 

SECURE  REMOTE  ACCESS 


Calculating  the  risks  and  rewards  of  secure  remote 
access  can  be  challenging.  For  a  solution  that's 
simply  better,  count  on  FirePass,  the  SSL  VPN 
appliance  from  F5. 

Firepass  is  a  powerful  solution  that  gives  your  users 
remote  access  to  critical  applications  and  data  from 
any  Web-enabled  device  or  location  —  without 
compromising  the  security  of  your  network. 

FirePass  provides  easy,  secure,  and  reliable 
remote  access. 


•  Extends  secure  remote  access  to  anyone 
connected  to  the  Internet  with  the  broadest 
application  access  of  all  SSL-VPN  solutions. 

•  Adapts  client  security  to  ensure  client  integrity 
by  deleting  temp/cache  files  on  public  kiosks 
and  checking  for  active  virus  scan  and  firewall 
programs  on  corporate  laptops. 

•  Offers  flexible  authentication  against  a  variety  of 
authentication  servers,  and  supports  two-factor 
authentication  for  more  stringent  security. 

•  Controls  the  level  and  application  access  based 

on  type  of  user  and  device.  > 

•  Reduces  deployment  and  maintenance  costs  :  - 

because  pre-installed  client  software  and 
application  updates  are  not  required.  .  T; 

Now  employees,  customers,  and  partners  can  securely,#' 
access  authorized  applications  from  any  Web-enabled 
device  at  any  location. 

. 

Simply  put,  it's  better. 

Learn  more  with  a  FREE  guide  to  secure  remote  access 
and  an  online  demo.  Visit  www.f5.com/better-nw 
or  call  1-866-543-9373  today!  ■  ,  W 
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DEMO 2004 

By  Keith  Shaw 


SCOTTSDALE,  ARIZ.  —  When 
you  attend  Demo,  you  check  your 
pessimism  at  the  door. 

You  root  for  the  start-ups  that 
promise  to  revolutionize  the  in¬ 
dustry  You  see  a  new  gadget  and 
pray  that  your  company  will  buy 
one  for  you  (check  out  my 
favorites  on  page  40)  .You  watch  a 
demonstration  that  merges  real¬ 
time  video  with  virtual  3-D  ob¬ 
jects  (from  Total  Immersion  SA) 
and  write  “WOW!”  in  your  note¬ 
book.  In  other  words,  it’s  very  hard 
not  to  get  bitten  by  the  Demo 
optimism  bug. 

If  that  makes  me  sound  like  a 
cheerleader,  then  1  plead  guilty  I 
truly  believe  that  optimism  is 
needed  in  this  industry  especially 


One  place  the  glass  is  always  full 


after  the  past  few  years,  when  IT 
trade  shows  were  quieter  than  a 
college  library  on  a  Saturday 
night.  If  a  show  like  Demo  and  its 
enthusiastic  crowds  can  give 
start-ups  the  adrenaline  they 
need,  then  that’s  a  good  thing. 

For  start-ups,  performing  a  6- 
minute  demonstration  might 
seem  like  the  hard  part,  but  it’s 
really  the  easiest.The  tough  part  is 
the  long  road  ahead  as  they  try  to 
launch  their  product,  get  cus¬ 
tomers  and  build  revenue,  to  go 
from  a  start-up  to  established 
company  It’s  even  harder  for  com¬ 
panies  that  want  to  take  away  a 
chunk  of  Microsoft’s  desktop  ap¬ 
plication  market  share. 

But  Demo  is  more  than  just  new 
products.  It’s  a  chance  for  start¬ 
ups  to  rub  elbows  with  venture 
capitalists  and  journalists  from  all 
over  the  country  It’s  a  chance  for 
industry  leaders  to  do  some 
social  networking  and  talk  trends 
(as  well  as  drink  and  play  music 
together  during  the  late-night 
“jam  session”). 


Survey  says:  ‘Look 
out  Microsoft' 

In  a  poll  of  attendees 
posted  on  the  Demo  Web 
site,  approximately 

40% 

of  respondents  said  they 
believed  that  Microsoft 
could  be  unseated  from 
its  dominant  position  in 
desktop  software. 


“We  come  out  here  to  meet,  talk 
with  and  walk  around  with  a 
bunch  of  smart  people,” said  Fred 
Felman,  vice  president  of  market¬ 
ing  at  Zone  Labs  (now  a  division 
of  Check  Point).  In  fact,  Zone 
Labs’  officials  got  their  first  ven¬ 
ture  capital  deal  based  on  people 
they  met  at  Demo,  Felman  said. 
And  they’ve  been  coming  back 
ever  since. 


Sure,  lots  of  cool  consumer 
products  were  launched  at  the 
show,  but  so  were  several  prod¬ 
ucts  that  should  make  enterprise 
network  managers  sit  up  and 
take  notice.  Turntide  launched 
the  first-ever  anti-spam  router 
that  attacks  spam  at  the  network 
layer.  Trend  Micro  announced 
hardware  that  detects  virus 
worm  outbreaks,  helps  compa¬ 
nies  limit  the  damage  and  then 
cleans  up  the  aftermath  quickly 
and  efficiently. 

After  seeing  some  scary  de¬ 
monstrations  that  made  me  want 
to  never  shop  online  or  open 
another  e-mail,  I  met  with  Mail- 
Frontier,  which  has  added  anti¬ 
fraud  capabilities  to  its  anti-spam 
and  anti-virus  e-mail  platform. 
The  MailFrontier  officials  calmed 
me  down  a  bit  by  showing  me 
their  product,  and  my  optimism 
and  faith  in  the  tech  industry 
returned. 

And  how  else  to  explain  the 
optimism  surrounding  blogging? 
At  a  morning  panel,  a  bunch  of 


companies  that  make  blogging 
software  enthusiastically  tried  to 
convince  the  crowd  that  blog¬ 
ging  was  here  to  stay,  was  more 
than  just  someone  writing  about 
the  cheese  sandwich  they  had 
for  lunch  and  that  it  was  benefi¬ 
cial  for  companies,  both  as  an 
internal  and  an  external  com¬ 
munications  tools.  SilkRoad 
Technology  actually  launched 
an  “enterprise  blogging”  software 
system  that  adds  alerting,  role- 
based  permissions  and  other  fea¬ 
tures  to  let  large  companies 
communicate  with  each  other. 
The  crowd  ate  it  up. 

But  that’s  what  happens  when 
you’re  breathing  the  pure  opti¬ 
mism  that  is  Demo.  Maybe  they 
pump  it  in  through  the  ventilation 
shafts.  We  don’t  know  for  sure.  But 
we  do  know  that  for  a  brief  few 
days  in  Arizona  there  was  defi¬ 
nitely  something  in  the  air. 

Shaw  has  come  back  to  Earth, 
and  can  be  reached  at  kshaw@ 
nww.com. 


SIP 

continued  from  page  9 

The  softphone  client  includes  a  buddy- 
list  window  that  shows  groups  of  users  who 
are  online  and  available  by  phone,  e-mail 
or  IM.  It  includes  a  click-to-dial  feature, 
which  can  be  used  to  call  in  co-workers 
from  the  softphone  list  or  from  Microsoft 
Outlook.  Avaya  IP  or  digital  handsets  also 
can  be  used  with  the  PC  softphone. 

Avaya  also  is  introducing  its  4602  SIP  IP 
phone,  which  can  work  in  SIP  mode  with  a 
Converged  Communications  Server,  or  in 
H.323  mode  with  a  Communications  Man¬ 
ager  IP  PBX. 

The  Converged  Communications  Server 
starts  at  $6,100  for  hardware  and  software, 
plus  $25  per  SIP  end-user  license.  The  soft¬ 
phone  costs  $130  per  user. 

Alcatel  is  set  to  launch  a  SIP  messaging 
platform  this  week  —  the  OmniTouch  Uni¬ 
fied  Communications  Suite  —  and  new  IP 
Touch  VoIP  phones.  The  Unified  Com¬ 
munications  Suite  includes  an  application 
server,  a  voice  messaging  server  and  a  Web- 
based  unified  messaging  client. 

The  platform  is  a  central  communications 
management  tool  for  retrieving  voice  mail 
and  e-mail  messages,  and  integrates  with 
IBM  Lotus  Notes  and  Microsoft  Outlook  e- 
mail  servers.  A  personal  information  man¬ 
agement  application,  tied  to  Lotus  or  IBM 
calendars,  and  presence  management 
capabilities  also  are  included  in  the  client. 

On  the  voice  side,  the  Unified  Communi¬ 
cations  Suite  is  tied  to  Alcatel’s  IP  PBX,  the 
OmniPCX  Enterprise,  through  an  IP/S1P- 
based  connection.Voice  XML  also  supports 


a  text-to-speech  feature,  through  which 
e-mail  can  be  read  to  end  users  over  phone 
connections. 

New  IP  phones  from  Alcatel  include  the 
IP  Touch  4038  and  4064.  Each  SIP-based  IP 
phone  also  supports  XML  applications  and 
includes  a  miniature  keyboard  at  the 
phone’s  base.  Alcatel  says  the  phones  are 
targeted  as  IP  terminals,  which  could  re¬ 
place  PCs  in  areas  such  as  security  guard 
stations  or  warehouses  in  a  corporation. 

“These  kinds  of  announcements  show 
that  [IP  telephony’s]  value  is  in  applica¬ 
tions  that  can  potentially  drive  up  the 
amount  of  revenue  an  employee  makes  for 
their  company’  says  Ron  Gruia,  an  analyst 
from  Frost  and  Sullivan,  regarding  the  Avaya 
and  Alcatel  products.  Simplified  phone  sys¬ 
tem  management  and  using  VoIP  to  avoid 
long-distance  changes  are  no  longer  the 
drivers  for  enterprise  IP  telephony  he  adds. 

Cisco  makes  a  splash 

Cisco  made  its  IP  PBX  splash  last  week, 
with  the  launch  of  CallManager  4.0.  New 
features  include  support  for  video  phone 
calls,  voice  traffic  encryption  and  security 
authentication  of  phones. 

Support  for  Cisco  Security  Agent  software 
on  the  CallManager  and  IP  phones  will 
make  IP  telephony  networks  more  secure, 
Cisco  says.  This  would  let  only  authorized 
IP  devices  access  the  Microsoft  Windows- 
based  CallManager  server.  Support  for  IP 
voice  and  signaling  traffic  encryption  also 
has  been  added,  which  prevents  calls  from 
being  intercepted,  the  vendor  says. 

“We  like  this  security  implementation,” 
says  Luke  Pfaffinger,  director  of  IT  at  Cap¬ 


stone  Turbine,  a  Chatsworth,  Calif.,  energy 
company  “Having  a  converged  phone  sys¬ 
tem  makes  you  realize  how  vulnerable  it 
can  be  to  network  attack.” 

SIP  support  on  the  CallManager  4.0  lets 
the  IP  PBX  communicate  with  other  SIP- 
based  gateways  and  communications  serv¬ 
ers.  This  could  include  SIP-based  soft- 
switches  in  a  carrier’s  VoIP  network,  or  SIP 
proxy  servers  that  tie  other  applications  to 
the  CallManager.  Direct  support  for  SIP  end¬ 
points  is  not  supported  on  the  CallManager. 

An  IP  video  feature  —  called  Cisco  VT  Ad¬ 
vantage  —  is  also  new  to  the  CallManager. 
This  lets  a  user  with  a  Cisco  IP  phone,  a  PC 
and  a  Cisco  USB  camera  make  video  calls 
to  other  similarly  equipped  users  via  the 
CallManager. Video  calls  can  be  transferred 
among  CallManager  users,  and  users  with 
some  third-party  IP  video  equipment  ven¬ 
dors  such  as  Tandberg. 

“One  of  the  things  that  has  held  video 
back  in  enterprises  has  been  complexity 
and  cost,”  Kerravala  says.  Yankee  Group 
studies  have  shown  that  setting  up  video- 
conferences  with  traditional  ISDN  equip¬ 
ment  can  take  a  midsize  enterprise  IT 
department  an  average  of  30  minutes. 
"Being  able  to  set  up  a  video  call  by  dialing 
a  phone  number  is  impressive,”  he  adds. 

The  CallManager  4.0  with  with  Media 
Convergence  Server  hardware  costs  $6,000. 
The  MeetingPlace  8106  Rich-Media  Confer¬ 
encing  Server  will  be  available  next  month 
starting  at  $70,000. 

Also  making  news  on  the  SIP  front  is 
Zultys,  which  is  scheduled  to 
announce  its  MXGroup  soft¬ 
ware  upgrade  to  its  SIP- 


based  MX250  IP  PBX.  Zultys  says  the  MX¬ 
Group  makes  managing  disparate, VoIP-con¬ 
nected  sites  easier  because  the  software 
allows  multiple  boxes  to  work  under  one 
phone  directory  and  four-digit  extension 
group  across  a  WAN.The  MX250  is  a  midsize 
IP  PBX  that  supports  SIP-based  IM  and  pres¬ 
ence  applications, as  well  as  traditional  tele¬ 
phony  fax,  call  control  features  and  public 
switched  telephone  network  line  trunking. 

Other  vendors  with  IP  telephony  an¬ 
nouncements  include: 

•  Net6,at  VoiceCon,  is  .set  to  introduce  ap¬ 
plications  that  can  turn  any  speaker-phone- 
enabled  IP  phone  into  a  paging  or  inter¬ 
com  system. The  new  features  are  in  Net6’s 
Application  Gateway  plus  Voice  Office, 
which  costs  $10,000  to  $50,000. 

•  Pingtel  last  week  announced  its  open 
source  software  strategy  where  it  is  licens¬ 
ing  its  SIPxchange  IP  PBX  and  Expressa  IP 
phones  software  under  the  Lesser  General 
Public  License,  a  version  of  the  GPL,  which 
governs  Linux  distributions.  Instead  of 
charging  for  the  software,  Pingtel  will  give 
away  the  code  and  charge  companies  up 
to  $  1 ,000  per  year,  per  processor,  for  instal¬ 
lation  and  support. 

•  Jasomi  recently  upgraded  its  session 
border  controller  so  it  can  make  sense  of 
more  variants  of  SIPJasomi’s  FeerFbint  3.0, 
which  starts  at  $10,000,  primarily  helps 
overcome  network  address  translation 
problems  that  exist  when  SIP  devices  such 
as  phones  are  protected  behind  firewalls 
that  translate  IP  addresses. 

Senior  Editor  Tim  Greene 
contributed  to  this  story. 


Get  more  information  online. 
DocFinder:  9880 
www.nwfusion.con 


Your  company 
turns  to  you  for 
infrastructure 
security. 

So,  where  can  you  turn? 

Security  is  a  primary  concern  for  all  of  us.  That's  why  we've  developed  an  array  of  new  tools  and  guidance, 
centralized  at  microsoft.com/security/IT.  It's  a  resource  you  can  turn  to  for  timely  news,  education,  and  tools, 
all  intended  to  help  you  better  plan  and  manage  the  security  strategy  that's  right  for  your  company. 


Take  advantage  of  the  latest  tools  and  training  at  microsoft.com/security/IT. 


Free  Security  Training 

Register  for  free  security  management  training, 
including  a  Security  Summit  in  a  city  near  you,  weekly 
security  Webcasts,  and  in-depth  e-learning  designed 
to  help  you  improve  your  security  infrastructure. 

Free  Tools  and  Updates 

Streamline  patch  management  with  free  tools 
such  as  Microsoft®  Software  Update  Services. 
Download  software  like  Microsoft  Baseline  Security 
Analyzer  to  verify  that  your  systems  are  configured 
to  maximize  security. 


Free  Emergency  Notifications 

Sign  up  to  stay  up-to-date  with  the  latest 
vulnerability  assessments,  mitigation  advice, 
and  patch  availability. 

Free  Security  Guidance  Kit 

Evaluate  detailed  guidance  and  templates, 
then  pre-order  your  free  CD-ROM  with  roadmaps 
and  how-to  guides.  Learn  how  measures  like 
automating  security  patch  installation  and 
blocking  unsafe  e-mail  attachments  can  help 
better  protect  your  organization. 


Go  to  microsoft.com/security/IT 


hr 


For  ongoing  guidance  to  help  better  plan  and  manage  your 
company's  IT  security,  go  to  microsoft.com/security/IT  today. 


Microsoft 


C  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or 
other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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Doing  the  security-conference  strut 

In  an  attempt  to  head  off  viruses,  these  vendors  will  be  touting  new  products  at  the 
RSA  show: 


Vendor 

Product 

Announcement 

Price 

AEP 

Systems 

Sure  Ware  Key  per 
Enterprise 

Encryption  hardware;  1,000  transaction/sec. 

$25,000 

Blue  Coat 
Systems 

ProxySG  8000 

80M  bit/sec  appliance  forWeb,  P2P,  IM  filtering. 

$40,000  to 
$100,000 

CyberGuard 

FS250,  FS500,  KS1500, 
SL3200  firewalls 

Adding  “Total  Stream  Protection”  filters  to  block 
attacks. 

N/A 

Lancope 

StealthWatch  4.0 

Adds  automated  way  to  reconfigure  Cisco  router 
and  Check  Point  firewalls;  also  accepts  Internet 
Security  Systems  Proventia  and  Snort  data. 

$10,000  and  up 

nCipher 

Document  Sealing 
Engine  200 

Appliance  for  time-stamping  Adobe  PDFs. 

$45,000 

PatchLink 

Update  6.0 

Adds  host-based  vulnerability-assessment  scans 

$20  per  node 

Tripwire 

Tripwire  Manager  4.1 

Integration  with  HP  OpenView,  Service  Desk,  IBM 
Tivoli,  Remedy,  Micromuse,  NetCool,  others. 

$7,000 

RSA 

continued  from  page  9 

shared  or  stolen.  When  stronger 
authentication  is  required, corpo¬ 
rations  turn  to  palm-sized  hard¬ 
ware  tokens  that  can  generate 
dynamic  passwords  that  are  dif¬ 
ferent  —  and  hence  more  secure 

—  every  time  a  password  is 
needed. 

Smart  cards  or  USB  tokens  that 
hold  public-key  infrastructure 
(PKI)  certificates  also  can  be 
used  to  prove  identity  through 
cryptographic  processes.  There 
are  also  hybrid  tokens  that  do  it 
all.  When  a  dynamic  password  is 
transmitted  over  a  network  as  the 
user  credential,  a  special  server 

—  such  as  RSA  Security’s 
ACE/Server  for  the  SecurlD  token 
authentication  —  is  needed  to 
verify  the  one-time  password  is 
correct. 

But  adapting  applications  to  use 
PKI  and  dynamic-password  token 
and  smart-card-based  authentica¬ 
tion  can  be  time-consuming  and 
expensive  for  IT  departments.  To 
address  that,  Microsoft  and  RSA 
(which  manages  the  annual  RSA 
conference)  this  week  are  expect¬ 
ed  to  announce  an  agreement  to 
add  RSAs  authentication  technol¬ 
ogy  into  Microsoft  applications 


and  management  software. 

That  has  other  token  vendors 
concerned.  Mark  Griffiths,  vice 
president  of  authentication  ser¬ 
vices  at  VeriSign  Security  Services, 
worries  that  RSA  will  “have  a  cap¬ 
tive  market”  with  Microsoft’s  tech¬ 
nology  integration.This  would  be 
a  lot  different  than  just  having  an 
RSA  plug-in  for  the  desktop  for 
Microsoft,”  he  says.  VeriSign  this 


week  is  expected  to  announce 
plans  to  offer  its  own  hardware- 
based  authentication  tokens. 

VeriSign  also  intends  to  offer 
Internet-based  authentication 
services  later  this  year  through 
its  13  worldwide  data  centers  as 
an  outsourced  service  for  com¬ 
panies  that  want  strong  authen¬ 
tication  with  trading  partners 
and  employees.  This  would 


spare  corporations  from  having 
to  set  up  their  own  authentica¬ 
tion  systems. 

Griffiths  adds  that  there  is  a 
need  to  foster  interoperability 
across  token  vendors’  products, 
so  VeriSign  is  organizing  an 
industry-standards  effort  called 
Open  Authentication.  All  the 
token  vendors’  products  “use  a 
different  reference  architecture,” 


Griffith  says.  “Some  are  time- 
based,  some  are  sequent-based, 
using  different  algorithms  in  a 
sequence  of  keys.” 

Smart-card  token  manufactur¬ 
ers  Authenex,  Gemplus  and 
Schlumberger  and  are  expected 
to  be  among  those  announcing 
support  for  the  Open  Authen¬ 
tication  effort  this  week. 

In  addition,  IBM  says  it  intends 
to  add  support  for  the  VeriSign 
online  authentication  services 
into  its  Tivoli  Identity  Manager 
software. 

Burton  Group  analyst  Trent 
Henry  says  VeriSign’s  Open 
Authentication  standardization 
effort  addresses  a  user  need  for 
client/server  token-based  auth¬ 
entication  to  work  across  ven¬ 
dor  boundaries.  But  he  adds,  “1 
don’t  know  if  VeriSign  has  the 
industry  clout  in  this  area”  to 
drive  the  effort. 

Microsoft’s  Bill  Gates  will  give 
the  RSA  Conference  keynote 
address  in  which  he’s  expected  to 
offer  Microsoft’s  views  on  security 
issues  such  as  authentication. 
There  might  be  a  live  demo  of 
software  that  Microsoft  plans  to 
have  out  later  this  year  in  beta.  ■ 

Get  more  information  online. 
DocFinder:  9881 
www.nwfusion.com 


RSA  Conference  is  a  coming-out  party  for  trio  of  start-ups 


hree  security  start-ups  will 
debut  this  week  at  the 
RSA  Conference  looking 
to  make  a  mark  in  protecting 
enterprise  customers  against 
attack  from  inside  and  outside 
their  organizations. 

Intrusic  is  expected  to  unveil 
a  server  application  called 
Zephon,  which  runs  on 
FreeBSD.  Zephon  can  find 
intruders  invading  compro¬ 
mised  systems  by  copying  and 
analyzing  network  traffic. 

“Zephon  is  the  name  from  the  Old 
Testament  —  and  John  Milton’s  Paradise 
Lost—  for  the  angel  who  guards  heav¬ 
en,"  says  Intrusic  CEO  Bruce  Linton.  The 
angel  Zephon  touches  a  frog  to  reveal 
Satan.  Intrusic's  Zephon  software  is  sup¬ 
posed  to  unmask  hackers  masquerading 
as  insiders  after  successfully  stealing  the 
network  credentials  of  employees  or 
trading  partners. 

Zephon  —  which  Intrusic  co-founder 
and  President  Jonathan  Bingham  says  is 
being  installed  at  The  Home  Depot  in 
Atlanta;  Caritas  Christi  Health  Care  in 
Boston,  a  chain  of  six  hospitals;  and 
Mohegan  Sun  Casinos  in  Uncasville, 
Conn.  —  works  by  analyzing  servers, 


lilt's  rare  that  a  desktop  will 
act  as  a  server,  for  example.  And 
there  are  certain  ways  a  mail 
server  should  behave. If 


Bruce  Linton 

CEO,  Intrusic 

desktops,  applications  and  traffic  flows. 

Network  activity  "will  seem  complex 
and  chaotic  at  first,”  Linton  says.  “But  it's 
rare  that  a  desktop  will  act  as  a  server, 
for  example.  And  there  are  certain  ways 
a  mail  server  should  behave."  Zephon  is 
designed  to  zero  in  on  a  compromise  and 
deliver  that  information  to  a  manage¬ 
ment  console.  The  software  sells  for 
roughly  $150,000. 

Intrusic  has  12  employees,  with  security 
guru  and  @Stake  founder  Peiter  "Mudge" 
Zatko  the  chief  scientist.  The  company  is 
funded  with  less  than  $1  million  from  ven¬ 
ture  firm  Draper  Fisher  Jervetson  plus 
undisclosed  funding  from  the  founders. 

Privately  funded  Tablus  is  tackling  the 
prickly  problem  of  keeping  sensitive  cor¬ 


porate  data  from  flying 
out  via  a  network.  The 
Tablus  product,  an 
appliance  called  Con¬ 
tent  Alarm,  monitors 
outbound  network  traf¬ 
fic  for  sensitive  content, 
says  Jim  Nisbet, 
founder  and  CEO. 

“We  have  to  make  an 
analysis  quickly  when 
it’s  a  question  of  propri¬ 
etary  source  code  or 
human  resources  document,  for  exam¬ 
ple,”  Nisbet  says. 

The  Tablus  Content  Alarm,  which  starts 
at  $29,000,  works  by  having  agent  soft¬ 
ware  on  servers  where  there's  sensitive 
data  subject  to  restricted  access.  It 
tracks  changes  to  that  content,  and 
Content  Alarm  recognizes  when  portions 
of  it  might  be  sent  out  of  the  network. 

Tablus  is  among  a  handful  of  other 
start-ups,  including  Vericept,  Vidius  and 
Vontu,  that  are  taking  on  the  challenge  of 
flagging  sensitive  data  when  it  makes  a 
sudden,  unexpected  move.  Each  vendor 
has  a  slightly  different  approach,  some 
using  keyword  or  pattern-matching. 

Users  contend  various  approaches  can 
work  but  worry  about  false  positives  — 


or  just  failure  to  recognize  an  unautho¬ 
rized  transfer. 

One  Tablus  beta  tester,  online  games 
developer  Perpetual  Entertainment,  says 
Tablus  Content  Alarm  has  produced  a 
low  number  of  false  positives.  “It  works 
at  wire  speed  and  it’s  nonintrusive,"  says 
Mark  Rizzo,  the  firm’s  vice  president  of 
operations. 

The  third  start-up  making  its  debut  this 
week,  Skybox  Security,  has  the  goal  of 
identifying  network  vulnerabilities  and 
tracking  the  remediation  process  with  a 
product  called  Skybox  View  that  would 
typically  cost  about  $250,000. 

Skybox  View  uses  Java-based  software 
collectors  on  desktops  and  servers  to 
send  information  on  applications  and 
operating  systems  to  the  Skybox  View 
Server  for  maintaining  an  up-to-date 
snapshot  of  the  network.  The  client- 
based  Skybox  View  Manager  can  coordi¬ 
nate  a  simulated  attack  to  weed  out  net¬ 
work  vulnerabilities  that  need  fixing. 

“We  are  running  an  attack  simulation  of 
all  possible  threats,"  says  Skybox  CEO 
Gidi  Cohen.  Skybox  has  30  employees 
and  $11  million  in  venture  capital  from 
Benchmark  and  Lightspeed  Venture 
Partners. 

—  Ellen  Messmer 
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Information  Management 
Is  No  Longer  a  Luxury; 
It’s  a  Boardroom  Issue 


WHAT’S  THE  VALUE  OF  CORPORATE 
INFORMATION?  It  depends  on  the 
lens  through  which  it’s  viewed. 
Consider,  for  example,  the  medical 
records  of  a  child  in  New  York.  To  his 
parents,  the  records  are  a  vital  history 
of  their  child’s  health.  To  Daniel 
Morreale,  CIO  of  the  North  Bronx 
Healthcare  Network,  those  records 
also  offer  the  opportunity  to  glean 
valuable  insights  on  healthcare 
trends.  And  to  the  federal  and  state 
governments,  they  represent  a  regula¬ 
tory  obligation  to  retain  that  data  for 
up  to  28  years. 

As  the  role  of  information  grows 
more  critical  with  each  passing  year,  so 
do  the  challenges  that  come  with  man¬ 
aging  it  well.  Nowhere  does  smart 
management  come  into  play  more 
than  when  it  comes  to  complying  with 
the  thousands  of  regulations  that  man¬ 
date  how  companies  worldwide  store 
and  manage  their  data. 


“We  all  know  that  information  can 
be  one  of  the  most  valuable  corporate 
assets  out  there,”  says  Peter  Gerr,  an 
analyst  at  Enterprise  Storage  Group,  a 
research  company  in  Hopkinton, 
Mass.  “But  compliance  plays  a  huge 
role.  To  me,  compliance  is  really  one  of 
the  driving  forces  behind  what  I  see  as 
an  evolution  in  how  we  manage  and 
think  about  information.” 

Many  companies  have  long  wres¬ 
tled  with  the  issues  of  internal  infor¬ 
mation  management,  but  now  they 
must  also  grapple  with  the  dictates  of 
corporate  governance  and  new  regula¬ 
tions  such  as  Sarbanes-Oxley  and  the 
Health  Insurance  Portability  and 
Accountability  Act  (HIPAA).  While  it 
might  be  tempting  to  think  of  compli¬ 
ance  as  affecting  but  a  few  industries, 
such  as  healthcare  or  financial  servic¬ 
es,  the  truth  is  that  compliance  touch¬ 
es  almost  any  organization  that  col¬ 
lects  and  manages  data. 
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KEY  ISSUES  MAKING  THE  LIFECYCLE  APPROACH  TO 
REGULATORY  COMPLIANCE  ATTRACTIVE 


•  REGULATORY  COMPLIANCE  MANDATES 

•  APPLICATIONS  ARE  INCREASINGLY  INTERDEPENDENT 

•  NOT  ALL  DATA  IS  CREATED  EQUAL 

•  ONLINE  ACCESS 


“To  me, 
compliance 
is  really  one 
of  the  driving 
forces 
behind  what 
I  see  as  an 
evolution  in 
how  we 
manage  and 
think  about 
information.” 

— Peter  Gerr, 
Enterprise 
Storage  Group 


Consider  Sarbanes-Oxley,  which  regu¬ 
lates  the  way  public  companies  manage 
their  financial  information.  According  to 
Gerr,  the  whistle-blower  part  of  that  legis¬ 
lation  also  applies  to  private  companies. 
Any  private  company  with  the  thought  of 
going  public  must  be  in  compliance  with 
Sarbanes-Oxley  as  well,  adds  Roy  Sanford, 
a  vice  president  of  markets  and  alliances  at 
EMC  Corp.,  the  storage  solutions  provider 
based  in  Hopkinton,  Mass. 

“There  are  more  than  15,000  regula¬ 
tions  alone  in  the  U.S  at  the  federal,  state 
and  local  levels,  and  about  20,000  regula¬ 
tions  around  the  world  that  govern  the  use 
of  information,”  Sanford  says.  “They 
touch  about  any  organization  you  can 
think  of — public,  private,  nonprofit,  all  are 
affected  by  regulations  outside  of  the  con¬ 
trol  of  the  organization.” 

Many  companies  have  instituted  inter¬ 
nal  information  governance  methods  that 
must  also  be  met  as  part  of  a  new  focus  on 
corporate  governance  overall. 

The  issue  of  regulatory  compliance  chal¬ 
lenges  the  traditional  IT  approach  of  storing 
every  bit  of  data,  because  it  requires  a  look 
at  information  across  its  entire  lifecycle  and 
affects  everything  from  retention  periods  to 
deletion  policy  to  data  authenticity. 

“We  feel  that  compliance  will  have  a 
huge  material  effect  not  only  on  how  com¬ 
panies  manage  information,  but  also  on 
how  they  think  about  the  value  and  risk 
that  information  holds,”  says  Gerr. 


THE  IMPACT  OF  COMPLIANCE 

Business  risk,  the  fear  of  regulatory  viola¬ 
tions  and  potential  fines  all  speak  to  the 
need  for  compliance.  “In  many  cases,  the 
regulations  are  new  and  companies  just 


don’t  have  the  capabilities  in  place  to  meet 
them,”  says  Mark  Lewis,  chief  technology 
officer  at  EMC.  “Many  fail  to  have  a  cen¬ 
tralized  information  structure  that  allows 
for  the  implementation  of  information 
management  policies  in  the  first  place.” 

Bottom  line:  It’s  a  whole  new  world  out 
there  for  companies  that  rely  on  information, 
particularly  as  it  transforms  to  “all  digital.” 
For  many  organizations,  that  means  there’s 
no  “hard  copy”  to  back  up  some  informa¬ 
tion — email  comes  to  mind — making  com¬ 
pliance  and  authenticity  even  more  difficult. 

“We’re  almost  all  electronic,”  says 
Morreale  of  the  North  Bronx  Healthcare 
Network.  “It’s  part  of  the  problem 
because  we  can’t  touch  the  data  that’s 
been  stored  in  the  clinical  information 
system — can’t  touch,  can’t  delete  or 
purge.”  At  the  same  time,  Morreale  rec¬ 
ognizes  that  some  of  that  data  has  out¬ 
lived  its  regulatory  value.  He  needs  a  tool 
that  will  let  him  discard  the  outdated  data 
while  keeping  the  rest. 

Informational  compliance  is  as  much 
about  smart  content  and  resource  manage¬ 
ment  as  it  is  about  regulatory  compliance. 
CIOs  must  figure  out  how  to  apportion  IT 
resources  to  manage  an  ever-growing  pool 
of  information,  some  of  which  legally  must 
be  retained  for  years.  The  effect  of  accumu- 

GROWTH  IN  STORAGE  CAPACITY 
FOR  COMPLIANT  RECORDS 

The  capacity  of  compliant  records  will  increase 
from  376PB  in  2003  to  1 ,644PB  in  2006, 


u-  Total  aggregate  capacity  of  compliant  records 

SOURCE:  ENTERPRISE  STORAGE  GROUP, 
COMPLIANCE  STUDY,  MAY  2003 


The  need  to  meet  compliance  requirements  will 
continue  to  grow,  requiring  methodologies  and 
technologies  to  understand  the  value  of  infor¬ 
mation  and  how  to  manage  it  accordingly. 
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fating  information  for  decades  has  a  pro¬ 
found  impact  on  how  to  classify,  where  to 
keep  and  how  to  recover  it. 

Like  many  CIOs,  Morreale  has  discov¬ 
ered  that  managing  information  for  compli¬ 
ance  purposes  is  not  a  “store  it  and  forget  it” 
exercise.  The  value  and  risk  of  corporate 
information  have  driven  him  to  explore  a 
holistic  process  known  as  Information 
Lifecycle  Management. 

As  detailed  in  earlier  editions  of  this 
series,  Information  Lifecycle  Management 
is  not  a  product  but  a  method  of  harnessing 
informational  chaos. 

There  are  a  number  of  issues  that  make 
a  lifecycle  approach  to  regulatory  compli¬ 
ance  attractive: 

•  Regulatory  compliance  mandates  that 
data  authenticity  and  integrity  be  irre¬ 
proachable.  “Data  integrity  is  key,”  says 
Gerr.  “Data  must  be  retained  in  its  original 
format.”  Many  regulations,  such  as 
HIPAA,  require  that  the  data  be  kept  safe¬ 
ly,  too,  making  information  security  an 
important  part  of  the  equation. 

•  Applications  are  increasingly  interde¬ 
pendent,  pulling  data  sets  from  neighboring 
systems.  As  these  interrelationships  broad¬ 
en,  compliance  at  the  application  level 
becomes  insufficient,  making  an  enter¬ 
prisewide  ILM  process  necessary. 

•  Not  all  information  is  created  equal.  With 
the  new  regulatory  environment,  companies 
must  protect  the  right  data  longer  and  recov¬ 
er  it  faster,  and  know  when  to  delete  it. 


LINKING  ILM  AND  COMPLIANCE 

For  many  companies,  Information  Lifecycle 

Management  offers  the  best  means  to  man¬ 
age  regulatory  compliance  issues.  Here’s  why: 

•  Flexibility — Information  Lifecycle  Man¬ 
agement  lets  companies  flexibly  store 
information  and  move  it  around  as  regu¬ 
latory  needs  demand.  Take,  for  exam¬ 
ple,  an  audit  at  a  financial  services  firm 
that  seeks  details  about  a  particular 
trade — information  that’s  stored  as  email. 
IT  departments  must  be  able  to  access 
that  information  quickly  and  relatively 
easily,  and  store  it  with  an  eye  to  the  flex¬ 
ible  nature  of  its  value. 

•  Indexed  Information — ILM  ensures  that 
companies  know  exactly  what  kind  of 
information  they  have  and  where  it  is, 
making  it  simple  to  keep  the  right  data 
for  the  right  period  of  time.  For  compa¬ 
nies  that  deal  with  a  myriad  of  varying 
regulations,  this  is  particularly  valuable. 
“We  need  to  keep  information  for  a  very 
long  time,  but  we  also  need  to  know 
when  to  get  rid  of  it  because  of  legal  man¬ 
dates,”  says  Morreale.  “That’s  the  value 
of  Information  Lifecycle  Management.” 

•  Classification — By  conducting  a  data 
classification  and  prioritization  study, 
companies  can  ensure  that  necessary 
information  is  placed  in  fixed  content 
storage  built  specifically  to  ensure  its 
authenticity.  Many  times  that  means 
calling  in  outside  experts.  “Information 
Lifecycle  Management  consultants  are 


“We  need 
to  keep 
information 
for  a  very 
long  time, 
but  we  also 
need  to 
know  when 
to  get  rid  of 
it  because 
of  legal 
mandates. 
That’s  the 
value  of 
Information 
Lifecycle 
Management.” 

— Daniel  Morreale, 
CIO  of  the  North 
Bronx  Healthcare 
Network 
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QUESTIONS  ABOUT 
INFORMATION 
LIFECYCLE 
MANAGEMENT? 

If  you’ve  got  any  burning 

questions  about 

Information  Lifecycle 

Management — and  how 

you  can  begin 

implementing  such  a 

strategy — send  them  to 

ilm  questions@emc.com. 

We’ll  answer  the  most 
frequently  asked 
questions  later  in 
this  series. 


part  of  the  storage  companies’  bench 
teams,”  says  Gerr.  “They  have  the  serv¬ 
ices  and  tools  that  will  help  an  organi¬ 
zation  classify  and  value  their  data, 
taking  a  step  toward  having  a  fully 
realized  strategy.” 

•  Right  Storage  for  the  Right  Information — 

Classifying  information  enables  IS  execu¬ 
tives  to  create  tiered  storage  that  matches 
the  regulatory  value  of  the  data  with  the 
corresponding  price/performance  layer  of 
storage.  Again,  fixed  content  storage  is  a 
frequent  choice  when  it  comes  to  ensur¬ 
ing  corporate  governance  and  regulatory 
compliance. 

•  Record  Level  Access — Information 
Lifecycle  Management  treats  data  at  a 
very  granular  level,  so  CIOs  get  precise¬ 
ly  the  data  they  ask  for  when  they  need 
to  access  information  for  regulatory 
purposes.  “Regulations  are  very  specif¬ 
ic,”  says  Gerr.  “[Regulators]  look  for 
compliant  records,  not  volumes  of 
records.  A  very  fine-toothed  comb  needs 
to  be  in  hand,  and  IT  caretakers  will  be 
required  to  maintain  a  deep  granulari¬ 
ty.”  For  companies  facing  compliance 
issues,  getting  at  the  information  is  vital, 
as  is  getting  it  in  a  timely  fashion.  They 
must  be  able  to  pull  authentic  data,  and 
they  must  be  able  to  get  at  it  fast.  “I’m 
really  convinced  that  recovery  time  will 
eventually  become  part  of  compliance 
objectives,”  he  says. 

•  Retention  and  Protection — ILM  means 
that  applying  automated  policies  will 
ensure  that  information  is  kept  as  long 
as  it  needs  to  be  and  is  deleted  after¬ 
ward.  For  example,  an  email  archiving 
application  will  affix  a  piece  of  meta¬ 
data  containing  a  required  retention 
period  to  each  email,  and  will  auto¬ 
matically  delete  that  email  when 
appropriate.  “Automated  policies  are 
like  a  handshake  between  the  applica¬ 
tion  and  the  infrastructure,”  says 
Sanford.  “It  requires  the  infrastructure 
to  be  application  aware,  and  that’s 
what  happens  with  Information 
Lifecycle  Management.” 


KEY  ATTRIBUTES  FOR  AN 
OPTIMUM  REPOSITORY  TO 
MEET  REGULATORY 
COMPLIANCE 


•  Flexibility 

•  Indexed  Information 

•  Classification 

•  Right  Storage  for  the  Right 
Information 

•  Record  Level  Access 

•  Retention  and  Protection 


In  an  era  of  increasingly  strict  regula¬ 
tions  that  govern  how  companies  must 
manage  and  store  information,  it’s  clear 
that  CIOs  must  take  action  sooner  rather 
than  later.  With  the  possibility  of  fines  and 
other  penalties  for  noncompliance,  compa¬ 
nies  cannot  afford  to  wait.  Instead,  CIOs 
need  to  implement  governance  strategies 
that  work  across  the  entire  enterprise  and 
manage  information  holistically. 

“Part  of  a  CIO’s  job  is  talking  about  the 
strategic  value  of  information  and  teasing 
out  what’s  real  versus  what’s  not  real,”  says 
Morreale.  “You  need  to  understand  that 
information  is  fluid  and  constantly  adapt  it 
to  whatever  regulatory  changes  happen,  and 
for  that  you  really  need  a  big-picture  target.” 

As  such,  companies  mqst  manage  this 
task  at  a  very  high  level  and  make  sure 
that  their  compliance  policies  are  driven 
by  the  value  of  the  information  first  and 
foremost.  For  many,  Information  Lifecycle 
Management  is  the  one  answer  that’s 
couched  in  terms  of  real  business  value. 


NEXT:  In  the  next  part  of  this  series, 
we’ll  look  at  how  Information  Lifecycle 
Management  enables  new  operational 
efficiencies. 

FOR  MORE  INFORMATION 

where  information  lives  Visit  WWW.emC.COm/ilm 

for  an  in-depth  look  at  Information  Lifecycle 
Management  products,  services  and  strategies. 
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■  VOIP  ■  WIRELESS  NETWORKS 


Cisco  powers 
up  Catalyst  line 

■  BY  PHIL  HOCHMUTH 


Cisco  last  week  announced  new  prod¬ 
ucts  that  could  help  users  roll  out  larger 
amounts  of  powered  Ethernet  ports,  re¬ 
ducing  the  cost  of  deploying  devices  such 
as  IP  phones  and  Wi-Fi  access  points. 

The  company  announced  module  up¬ 
grades  for  its  Catalyst  6500  series  and  4500 
series  that  add  803.3af-compliant  Power 
over  Ethernet  (FbE)  support.  Cisco  also  an¬ 
nounced  stackable  and  fixed-configured 
boxes  that  support  the  IEEE  standard  for 
FbE.The  shift  from  its  proprietary  FbE  tech¬ 
nology  to  803.3af  could  give  users  more 
flexibility  in  rolling  out  large  numbers, and 
a  wider  variety  of  inline-powered  devices. 

Users  and  analysts  say  803.3af  technol¬ 
ogy  can  reduce  costs  and  simplify  Wi-Fi 
deployments  because  AC  outlets  aren’t  ] 
always  installed  in  places  optimal  for  posi¬ 
tioning  access  points. 

IEEE-standard  FbE  gear  from  Cisco  was 
deployed  recently  at  Exempla  Healthcare 

See  Cisco,  page  22 
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■  Advanced  Micro  Devices  last 
week  released  six  Opteron  proces¬ 
sors  designed  tor  low-power  applica¬ 
tions  such  as  blade  servers  and  clus¬ 
ters.  The  processors  consume  less 
power  than  the  standard  Opteron 
chips  so  they  can  be  used  in  denser 
products  such  as  thin  blade  servers  or 
clustered  workstations,  AMD  said. 

■  Dell  is  scheduled  to  announce  two 
new  servers  this  week  for  small  and 
midsized  businesses,  remote  offices 
and  workgroups.  The  PowerEdge  700 
tower  and  PowerEdge  750  rack¬ 
mounted  servers  use  Celeron  or  Pent¬ 
ium  4  processors  and  run  Windows, 
Red  Hat  Linux  or  NetWare.  The 
PowerEdge  750  is  a  lU-high  server 
that  has  dual  Gigabit  Ethernet  adapt¬ 
ers,  two  Serial  Advanced  Tape 
Attachment  or  SCSI  drives  and  as 
much  as  4G  bytes  of  memory.  The 
servers  start  at  $699  and  $949, 
respectively. 


Site: 


Lessons  from  Leading  Users 


D.C.  builds  high-speed  network 


■  BY  CAROLYN  DUFFY  MARSAN 

Faced  with  emergencies  from  terror¬ 
ism  threats  to  ice  storms,  Washing¬ 
ton,  D.C.,  is  spending  $93  million  to 
build  a  high-speed, citywide  public  safety 
network  that  industry  observers  say  is 
one  of  the  most  advanced  of  its  kind. 

DC-Net  is  a  private,  fiber-optic  network 
that  will  provide  data,  video  and  voice 
services  to  350  buildings,  including 
police  and  fire  stations,  city  offices  and 
schools.  Washington’s  main  government 
buildings  will  be  hooked  up  to  DC-Net’s 
2.5G  bit/sec  backbone  this  summer. 

Avaya  and  Cisco  are  providing  network 
hardware  for  DC-Net,  while  MCI  is  the  ser¬ 
vice  provider.  Systems  integrator  Science 
Applications  International  will  operate 
DC-Net’s  two  network  operations  centers. 

Washington  is  unique  because  it  “has  to 
provide  first  responder  capability  for  the 
entire  federal  government, ’’says  Peter  Roy 
the  city’s  deputy  CTO.“DC-Net  is  the  most 
advanced  metropolitan-area  network  of 
its  kind.” 

“To  see  a  project  of  this  scale  in  local 
government  is  pretty  extraordinary/’  says 
Ray  Bjorklund,  senior  vice  president  of 
consulting  at  Federal  Sources,  a  Vienna, 
Va.,  firm  that  tracks  state  and  local  gov¬ 
ernment  spending  on  IT  projects. 

DC-Net  is  “recognition  of  the  districts 
mission  in  homeland  security’  Bjorklund 
adds.'There’s  a  statutory  requirement  that 
every  agency  have  a  presence  in  the  dis- 
trict.The  district  has  a  very  special  role  as 
the  federal  city  and  needs  to  protect  the 
spaces  between  the  federal  locations." 

The  infrastructure 

DC-Net  consists  of  several  OC-48 
SONET  rings,  which  promise  no  single 
point  of  failure.  DC-Net  will  offer  99.98% 
availability, thanks  to  SONET’s  self-healing 
capabilities.  As  a  carrier-grade  technolo¬ 
gy  SONET  ensures  that  DC-Nets  traffic 
can  be  rerouted  within  50  millisec  in  the 
event  of  a  cut  in  the  system. 

“We  chose  SONET  technology  because 
it’s  proven  and  it  has  been  around  for  a 
while,”  Roy  says. “We’re  dealing  with  mis¬ 
sion-critical  applications,  and  we  want 
proven  technology" 


Safety  net 


From  its  multiple  SONET  rings  to 
redundant  routers,  switches 
and  PBXs,  the  District  of 
Columbia  is  building  a 
highly  available, 
high-speed,  public 
safety  network  for 
its  30,000  end  users 
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DC-Net  is  a  private,  fiber-optic  network  consisting  of 
several  OC-48  SONET  rings.  SONET  ensures  that  traffic 
is  re-routed  within  50  millisec  of  a  system  outage. 
DC-Net  is  designed  to  provide  99.98%  availability. 
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Avaya  provides  redundant 
switches,  gateways  and 
PBXs  to  support  voice 
services  over  DC-Net. 
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DC-Net  uses  Cisco  ONS 15454 
Multiservice  Provision  Platform 
for  core  SONET  services. 

For  IP  routing,  it  uses  multiple 
redundant  Cisco  12000  series 
routers  at  the  core  and  Cisco 
7300  series  routers  at  the  edges 
of  its  IP  network  to  ensure 
Ethernet  services. 
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To  build  DC-Net,  the  government 
bought  fiber  from  Comcast,  Level  3 
Communications  and  Starpower.and  laid 
some  fiber-optic  lines  of  its  own  to  create 
the  citywide  network  footprint  it  needed. 

DC-Net’s  infrastructure  uses  Cisco’s  opti¬ 
cal  provisioning  platforms,  routers  and 
switches.  Avaya  is  providing  PBXs  that 
support  ISDN  handsets  the  district  gov¬ 
ernment  bought  years  ago. 

“We  didn’t  go  with  [VoIP]  because  we 
already  had  50,000  ISDN  handsets . . .  and 
we  can’t  afford  to  throw  them  out,”  Roy 
says. “Down  the  road,  maybe  we’ll  go  to 
VoIP  but  not  until  the  technology  is 
proven.” 

DC-Net  is  using  many  network  manage¬ 
ment  platforms,  including  HP  Open  View, 
and  software  from  Hummingbird, 
InfoVista,  Micromuse  and  Remedy. 

The  network  will  support  lots  of  emerg¬ 
ing  and  legacy  network  protocols,  includ¬ 
ing  Ethernet,  frame  relay  ISDN,  Multi-pro¬ 
tocol  Label  Switching,  Switched  Multi¬ 


megabit  Data  Service, TCP/IP  and  TDM. 

All  data  and  voice  traffic  from  all  the 
city’s  agencies  will  ride  over  DC-Net. The 
network’s  traffic  will  include  91 1  emer¬ 
gency  calls  to  real-time  interactive  video 
for  the  public  school  system. 

The  city’s  new  backbone  even  will 
carry  the  data  from  industrial  automa¬ 
tion  systems  for  applications  such  as  traf¬ 
fic  light  monitoring.  Ultimately,  Washing¬ 
ton  officials  envision  offering  a  Web  site 
where  citizens  can  watch  the  progress  of 
snowplows  through  city  streets,  thanks  to 
data  gathered  and  sent  via  DC-Net. 

“DC-Net  is  truly  integrating  every  flow  of 
electrons  through  the  D.C.  government ' 
Bjorklund  says.  “That’s  very  significant 
and  very  big.  I  don’t  know  of  anybody 
else  who  is  building  such  an  integrated 
network  on  this  scale.” 

Before  building  DC-Net,  the  city  had  a 
hodgepodge  ofTl  and  T-3  lines  leased  bv 
various  departments.  The  city’s  poln  e, 
See  DC-Net,  page  22 
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Vernier  boosts  mgmt,  security  of  WLAN  pack 


■  BY  JOHN  COX 

A  new  version  of  Vernier  Net¬ 
works’  WLAN  security  and  man¬ 
agement  software  could  be  a 
major  step  forward  in  simplifying 
wireless  deployments,  according 
to  one  beta  tester. 

One  change  in  Version  4.0  that 
could  have  the  most  immediate 
impact  for  administrators  is  the 
redesigned  GUI,  which  makes  it 
easier  and  faster  to  assign,  moni¬ 
tor  and  change  the  access  rights 
of  lots  of  users. 

Other  changes  include: 

•  The  ability  to  manage  up  to 
10,000  —  a  10-fold  increase  over 
the  pervious  version. 

•  A  filter  for  detecting  and  quar¬ 
antining  infected  wireless  clients. 


•  A  data-analysis  program, 
called  Vernier  Reporter,  to  run 
trend  analyses  of  user  activity 

•  Giving  WLAN  bandwidth  pri¬ 
ority  to  users  based  on  their  iden¬ 
tity  application,  time  of  day,  etc. 

Vernier  is  one  of  many  firms, 
including  Bluesocket.Cranite  and 
Fortress,  that  sell  software  running 
on  controllers  to  secure  and  man¬ 
age  enterprise  WLANs. 

Wireless  access  points  plug  into 
a  Vernier  AM  6500  Access  Man¬ 
ager,  which  is  a  rack-mounted 
appliance  for  remote  offices  or 
LAN  segments.  The  Access  Man¬ 
agers  filter  wireless  packets  and 
enforce  network  security  and 
management  policies.  These  de¬ 
vices  connect  with  one  or  more 
Vernier  CS  6500  Control  Servers, 


usually  in  a  regional  or  head¬ 
quarters  office.  This  server  hosts 
the  Vernier  management  soft¬ 
ware,  handles  connections  to 
RADIUS  or  other  authentication 
systems,  and  stores  data  and  rules 
on  user  access  rights. 

Hitachi  Consulting,  the  Dallas 
consulting  arm  of  Hitachi,  chose 
Vernier  last  year  to  solve  the  secu¬ 
rity  problems  anticipated  with  the 
rollout  of  new  laptops  equipped 
with  built-in  WLAN  adapters.  The 
company  wanted  to  make  sure 
clients  connecting  to  the  WLAN 
access  points  were  Hitachi  users, 
accessing  only  data,  applications, 
and  other  corporate  resources  for 
which  they  were  authorized, 
according  to  Michael  Shisko,  IT 
director  for  the  consulting  group. 


They  deployed  Vernier  Access 
Managers  at  15  sites,  which  have 
about  six  access  points,  and  one 
Control  Server  at  headquarters. 

“Version  4  has  significantly 
improved  the  visual  representa¬ 
tion  of  actions  being  taken  [by 
administrators],” he  says.“Now  it’s 
a  simple  matter  to  view  the  flow 
of  traffic  through  the  various 
[access]  rules, and  to  re-order  the 
rules  if  necessary” 

Version  4.0  is  shipping  on  the 
Vernier  hardware.  A  redundant 
system,  with  two  Control  Servers, 
and  three  Access  Managers  for 
3,000  users  costs  $35,000.  The 
Vernier  Reporter  is  a  free  upgrade 
for  customers.  At  some  point,  it 
will  sell  as  an  optional  program, 
for  about  $3,000.  ■ 


Wireless  plans 
for  2004 

Based  on  a  survey  of 
118  current  users 

80% 

will  expand  WLAN 
deployment  in  the  first 
six  months  of  2004; 

74% 

will  improve  security 
management  controls. 
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of  Denver,  a  managed  care  organization  that  sup¬ 
ports  two  hospitals.  Catalyst  6509s,  which  are  outfit¬ 
ted  with  the  802.3af  blades,  support  its  more  than 
300  Wi-Fi  access  points  and  Cisco  IP  phones. 

Exempla  rolled  out  wireless  to  support  mobile 
nursing  stations  that  let  nurses 
access  patient  charts  and  a 
database  over  a  wireless  LAN. 

Powering  the  275  access 
points  spread  across  three  hos¬ 
pitals  helped  the  firm  reduce 
its  project  costs  by  12%  at  one 
hospital,  and  22%  at  another. 

“Not  having  to  pull  a  1 10-volt 
electrical  outlet  to  each 
[access  point]  was  a  tremen¬ 
dous  cost  savings,”  says  Lots 
Pook,  CTO  at  Exempla.  The 
firm  also  uses  FbE  switches  to 
power  120  Cisco  IP  phones  in 
a  pilot  IP  telephony  project. 

To  upgrade  its  Catalysts  for  PoE,  Exempla  used  new 
PoE  daughtercards,  which  add  802.3af  support  to  the 
chassis,  and  a  new  48-port  10/100M  bit/sec  802.3af 
blade.  An  803.3af  daughtercard  also  is  available  for 
the  Catalyst  4500  chassis. 

Cisco  had  shipped  PbE  blades  for  these  switches 
since  2000,  but  they  could  power  only  Cisco  and 
Cisco-compliant  endpoints.  The  IEEE  ratified  the 
803.3af  standard  last  July  With  the  new  802.3af  gear, 
Cisco  catches  the  vendor  up  with  its  competitors: 
3Com,  Alcatel,  Avaya,  Extreme  Networks,  Foundry 
Networks,  HP  and  Nortel  have  had  standards-based 
PoE  switches  since  2003. 

Cisco  FbE  blades  and  fixed-configuration  switches 
include: 

•  48-port  lO/lOO/lOOOM-bit/sec  modules  for  the 
Catalyst  6500  and  4500. 

•  48-port  10/100  modules  for  the  Catalyst  6500  and 
4500. 

•  A  96-port  10/100  module  for  the  Catalyst  6500  . 

•  24-  and  48-port  versions  of  the  stackable  Catalyst 
3750. 

•  24-  and  48-port  versions  of  the  non-stackable 
Catalyst  3560. 


The  96-port  blade  is  actually  a  48-port  Ethernet 
module  that  can  be  split  into  96  end-node  con¬ 
nections  from  any  standard  LAN  wiring  closet 
patch  panel, Cisco  says.  Ports  on  this  module  trans¬ 
mit  Ethernet  signals  on  all  four-wire,  wire-pair  con¬ 
tacts.  These  pairs  can  be  split  into  two  separate 
endstation  connections  between  a  wiring  closet 
and  an  Ethernet  wall  jack,  letting  the  switch  supply 
powered  Ethernet  connec¬ 
tions  to  twice  as  many  end 
nodes.  Powered  and  non- 
powered  Ethernet  nodes 
can  plug  into  blade  ports, 
Cisco  says. 

Cisco  also  has  weaved 
some  of  its  own  PoE  detec¬ 
tion  features  into  the  new 
chassis  products.  Catalyst 
chassis  switches  using  the 
new  PoE  equipment  —  via 
Cisco  Discovery  Protocol  — 
will  be  able  to  detect  power 
requirements  of  Cisco  Wi-Fi, 
IP  phone  and  other  devices, 
and  allocate  only  the  required  amount  of  power. 
Cisco  says  its  IP  phones  and  Wi-Fi  gear  draws  only 
6.2  and  10.3  watts,  respectively  while  803.3af-pow- 
ered  devices  deliver  15  watts.  By  detecting  these 
devices,  the  unused  wattage  is  redistributed.  This 
could  help  users  support  more  lower-powered 
devices,  such  as  IP  phones,  from  one  switch,  the 
company  says. 

The  IEEE  power  specification  delivers  more  cur¬ 
rent  vs.  the  Cisco  standard  (7.3  watts),  which  lets  it 
power  more  kinds  of  devices,  the  company  says. 
While  previous  Catalyst  chassis  can  be  upgraded 
with  the  803.3af  daughtercard  and  PoE  blades,  exist¬ 
ing  fix-configured  catalysts  cannot  be  upgraded. 

The  48-port  10/100/1000  FbE  card  for  the  Catalyst 
6500  is  available  now  for  $14,000,  while  the  96-port 
card  (48  ports,  splittable  at  the  patch  panel)  also 
costs  $14,000.The  48-port  10/100  blade  costs  $8,000. 
A  Catalyst  6500  FbE  daughtercard  for  48  ports  costs 
$2,000, and  a  96-port  version  costs  $3,500. 

Catalyst  4500  10/100  FbE  blades  start  at  $6,500  and 
10/100/1000  blades  cost  $7,500.  The  Catalyst  3750 
with  FbE  starts  at  $4,800,  and  the  3560  starts  at 
$3,800.  ■ 


Catalyst  6500  (right)  and  4500  chassis  with 
Cisco's  inline  support  can  now  be  retrofitted 
with  standards-based  PoE  support. 


■ 

■  Lessons  from  Leading  Users 
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fire,  health  and  education  departments  ran  their  own  networks 
with  services  leased  from  Verizon.  Now  all  of  these  agencies  will 
use  the  DC-Net  backbone. 

“The  No.  1  reason  we’re  building  DC-Net  is  to  have  a  reliable  and 
available  infrastructure  for  public  safety  communications,  both 
data  and  voice,”  Roy  says. 

Big  savings 

By  consolidating  its  data  and  voice  traffic,  the  government 
expects  to  rack  up  significant  savings.Washington  currently  spends 
$30  million  per  year  on  data  and  voice  services  from  Verizon.  By 
switching  this  traffic  to  DC-Net,  the  city  expects  to  save  $10  million 
a  year  in  telecom  costs. 

“The  savings  start  at  cutover,  in  early  2004, as  soon  as  we  put  up  a 
few  of  the  high-profile  buildings,”  Roy  says. 

The  district  plans  to  create  a  separate  legislative  entity  that  will 
sell  DC-Net  services  to  select  organizations,  such  as  the  city’s  new 
convention  center,  similar  to  how  it  sells  water  and  sewage  ser¬ 
vices  to  some  private  organizations.  “But  we’re  not  going  into  the 
phone  business,”  Roy  adds. 

For  most  citizens,  the  biggest  benefit  of  DC-Net  is  likely  to  be 
improved  911  response  rates.  The  district  government  has  been 
criticized  for  its  poor  911  system.  Now  it  will  be  one  of  the  first 
cities  in  the  country  to  route  91 1  calls  over  its  own  network.This 
will  give  the  city  more  control  over  tracking  these  calls  from  the 
minute  they  enter  the  system  until  emergency  services  are  dis¬ 
patched,  Roy  says. 

The  government  expects  to  have  its  core  downtown  city  govern¬ 
ment  buildings  —  including  its  two  data  centers  —  on  DC-Net  by 
June.  Eighty  buildings  will  be  connected  by  the  end  of  September. 
DC-Net  will  support  more  than  30,000  users. 

“We  expect  to  have  80%  of  the  D.C.  government  on  DC-Net  by  the 
end  of  2004,”  Roy  says. 

First  the  city’s  data  traffic  and  then  its  voice  traffic  will  be  moved 
to  DC-Net.  Migrating  voice  traffic  to  DC-Net  “is  where  the  money  is," 
Roy  says. 

The  district  government  has  two  network  projects  underway  The 
first  is  building  a  new  Unified  Communications  Center  for  han¬ 
dling  911  calls.The  other  is  building  a  private,  high-speed  wireless 
data  network  for  public  safety  communications.  DC-Net  will  sup¬ 
port  both  of  these.* 


AND  ANYWHERE  IN  BETWEEN. 


INTRODUCING  QWEST’S  NEWLY  EXPANDED  COVERAGE  AREA:  Today  Qwest®  offers  integrated  voice  and  data  services 
nationwide  on  our  own  network.  So  your  business  can  now  use  Qwest  for  fully  managed,  end-to-end,  point-to-point  solutions, 


enhanced  call  center  applications,  dedicated  long-distance  and  toll-free  services.  If  you  need  to  connect  remote  users  or 
locations  nationwide,  you  can  do  it — all  on  our  state-of-the-art  OC-192  nationwide  network.  That’s  a  Spirit  of  Service  that 
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INTERNET  SOLUTIONS 


MANAGED  SOLUTIONS 


keeps  growing.  And  stays  with  you  for  the  long  haul. 


To  find  out  more,  call  1  800-506-0663  or  visit  qwest.com/bizspirit 
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BIG-IP:  The  Essential  Component  Fo 


F5  Networks’  BIG-IP®  Blade  Controller  helps  enterprises  get  maximum  efficiency,  reliabil 


United  Title,  a  leading  title  and  escrow 
company,  turned  to  blade  servers  when  it 
needed  a  high-density  server  solution  in  its 
automated,  unmanned  data  center.  CRG  - 
Total  Event  Solutions,  an  event  management 
and  planning  company,  likewise  installed 
blades  to  deliver  high  availability  and 
peak  performance  for  its  event  registration 
Web  sites.  _ 

These  are  but  two  of  the  many 
enterprises  turning  to  blade  server  tech¬ 
nology  to  pack  more  processing  power 
into  a  smaller  area  while  simplifying 
deployment  and  management.  As  more 
companies  install  blades,  however,  they 
find  blades  alone  won't  solve  all  their 
problems.  To  gain  maximum  efficiency 
and  reliability,  companies  including 
United  Title  and  CRG  also  installed  F5's 
BIG-IP  Blade  Controller  software  to 
maintain  maximum  uptime,  perform¬ 
ance  and  security. 

Blade  server  computing  is  catching 
on  in  a  big  way,  according  to  market 
research  firm  IDC,  which  expects  sales  of 
Intel-based  blades  to  grow  from  $148 
million  in  2002  to  $2.9  billion  by  2005. 

For  all  their  obvious  benefits,  however, 
blades  are  subject  to  some  of  the  same  manage¬ 
ment  challenges  as  traditional  servers.  For  one, 
although  individual  blades  and  the  applications 
running  on  them  may  physically  sit  in  the  same 
chassis,  they  have  no  inherent  knowledge  of  one 
another  -  no  more  so  than  two  servers  sitting  side 
by  side  in  a  data  center.  That  means  blades  will 
not,  by  themselves,  back  up  one  another  during  a 
hardware  or  application  failure.  Similarly,  you 
can't  count  on  application  optimization  or  securi¬ 
ty  features  being  built-in. 

F5's  BIG-IP  Blade  Controller  software  helps 
address  these  issues,  adding  improved  reliability 
and  performance  to  blade  server  implementa¬ 
tions.  BIG-IP  software  runs  on  one  or  two  blades 
within  a  blade  server  chassis  and  creates  a  single 
virtual  server  out  of  all  remaining  blades. 
Intelligent  traffic  management  techniques  help 
BIG-IP  effectively  direct  traffic  for  all  IP-based 
applications  running  in  the  blade  server  chassis, 
including  Web  servers,  application  servers,  caches 
and  firewalls.  Should  a  single  blade  or  application 


fail,  BIG-IP  software  directs  traffic  to  another 
blade,  improving  overall  availability  for  end  users. 
It  also  offloads  Secure  Sockets  Layer  (SSL)  process¬ 
ing  and  handles  other  security  chores. 
Collectively,  these  features  give  organizations  the 
flexibility  they  need  to  scale  their  server  environ¬ 
ments  while  maintaining  control,  availability  and 
the  cost  savings  that  blades  can  bring. 


BIG-IP  GIVES  YOU  CONTROL  OVER  BLADES 

Application  Server 
Application  Server 
Database 
Cache 


Firewall 
Web  Server 
Web  Server 
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BIG-IP9  intercepts,  inspects, 
transforms,  and  directs  all  IP  based 
traffic  to  the  most  appropriate 
application  or  resource  depending 
on: 

•  Performance 

•  Availability 

•  Security 

•  Reliability  of  the  server  blades 
or  applications 


—  Load  Balancing  and 
IP  Traffic  Management 


Ingress  Traffic 


CRG  likewise  installed  blade  servers  to  support 
the  "shrink-wrapped"  registration  Web  sites  that 
it  offers  to  customers.  With  as  many  as  20  high- 
profile  events  occurring  simultaneously,  each  with 
potentially  thousands  of  applicants  registering  at 
the  site,  CRG  needed  both  24/7  availability  and 
efficient  load  balancing. 

"We  needed  to  achieve  as  close  to  100% 

_  uptime  as  possible.  We  also  needed  to 

know  that  whenever  we  needed  to  run 
updates  or  run  maintenance  on  the  sys¬ 
tem,  that  we  would  avoid  downtime," 
says  Scott  Hankinson,  VP  of  Information 
Technology  for  CRG.  F5's  BIG-IP  Blade 
Controller  software  enabled  CRG  to 
unify  independent  application  and  serv¬ 
er  resources  and  present  them  as  one. 
That  enabled  the  company  to  create  a 
highly  scalable  platform  while  ensuring 
that  the  blade  servers  and  applications 
were  always  available  and  secure,  even  if 
one  blade  is  taken  out  for  maintenance. 


ACHIEVING  RESOURCE  EFFICIENCY 
Most  companies  have  discovered 
that,  as  their  server  environments  grow 
larger,  they  require  significant  IT  staff 
resources  to  manage.  Installing  blade 


CUSTOMER  SUCCESS  STORIES 

United  Title  installed  20  HP  ProLiant  BL  lOe 
server  blades  in  a  single  enclosure  to  garner  the 
processing  power  it  needed  to  run  critical  busi¬ 
ness  applications.  The  blades  enabled  the  compa¬ 
ny  to  fit  all  the  processing  power  it  needed  in  a 
mere  10x10  foot  cage  that  houses  a  remote, 
unmanned  data  center. 

While  the  blades  solved  the  space  problem, 
United  Title  still  needed  a  better  load  balancing 
solution  for  its  Web  server  traffic.  It  opted  for 
F5's  BIG-IP  solution  that  integrates  directly  with 
its  HP  blades.  "Having  a  premier  load  balancing 
and  traffic  management  software  solution  inte¬ 
grated  directly  into  the  HP  ProLiant  server  blade 
architecture  was  ideal  for  our  situation,"  says 
Peter  Bowman,  CIO  for  Nations  Holding  Group, 
which  owns  United  Title.  "This  unique  combina¬ 
tion  is  a  testament  to  how  well  HP  and  F5  work 
together.  They  provide  solutions  with  the  reliabil¬ 
ity,  performance  and  scalability  we  need  for  our 
Web  applications." 


servers  makes  managing  the  hardware  simpler, 
but  it  doesn't  address  how  to  effectively  tie  all 
redundant  applications  together.  In  the  end, 
many  organizations  wind  up  wasting  computing 
resources  in  their  efforts  to  provide  redundancy. 

BIG-IP  Blade  Controller  software  addresses 
these  issues  with  its  ability  to  present  multiple 
servers  and  applications  as  one,  a  concept  known 
as  virtualization.  Users  can  create  a  virtual  server 
by  grouping  resources  based  on  IP  address  or 
application.  Dynamic  load  balancing  capabilities 
ensure  that  each  request  goes  to  the  server  that  is 
best  able  to  handle  it.  Rather  than  managing 
hundreds  of  discrete  units,  customers  can  manage 
their  blade  and  application  resources  as  one 
system,  dramatically  simplifying  the  job  and 
potentially  reducing  the  number  of  blades 
required  to  satisfy  a  given  application. 

PROVISIONING  IN  A  MULTI-VENDOR  WORLD 

BIG-IP  Blade  Controller  software  runs  on  blade 
servers  from  leading  blade  vendors,  including  HP, 


View  the  Webcast  featuring  F5’s  BIG-IP  Blade  Server  at 

www.nwfusion.com/go/F5 
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Blade  Servers 

and  security  from  blade  server  implementations. 


Sponsored  by 


Deli  and  IBM.  Companies  that  are  migrating 
applications  from  traditional  servers  to  blade 
environments  will  find  BIG-IP  Blade  Controller 
enables  them  to  manage  traffic  both  within  and 
outside  the  blade  environment.  By  virtualizing 
all  of  the  resources  behind  each  application,  BIG-IP 
also  eases  the  migration  of  applications  from 
traditional  servers  to  blades. 

F5  also  offers  a  wide-area  traffic  management 
tool  on  blades,  the  3-DNS  Controller.  3-DNS  shut¬ 
tles  end  user  requests  to  the  most  appropriate 
data  center  based  on  business  policies,  conditions 
at  each  center  and  network  conditions,  helping  to 
ensure  global  business  continuity  and  availability. 

TYING  IN  APPLICATIONS  WITH  ICONTROL 

F5  created  an  open  API,  called  iControl, 
enabling  two-way  communication  between 
BIG-IP  and  multiple  vendor  applications.  Based 
on  the  SOAP  and  XML  standards,  iControl 
enables  an  application  or  network  hardware 
component  to  tell  BIG-IP  that  it  is  available  and 
to  automatically  add  it  to  the  virtual  pool  of 
available  resources.  Several  blade  server  ven¬ 
dors,  as  well  as  many  application  providers  such 
as  Microsoft  and  Oracle,  have  either  already 
delivered  this  type  of  integration  with  BIG-IP  or 
are  working  to  do  so. 


The  iControl  interface  enables  BIG-IP  to  inte¬ 
grate  with  custom  and  packaged  applications, 
creating  a  tightly  integrated  environment  that 
reduces  hardware  and  application  provisioning 
time  and  delivers  total  control  of  Internet  traffic. 

Together,  blade  servers  and  iControl  can 
dramatically  reduce  the  time  it  takes  to  provision 
new  hardware  and  applications.  Provisioning 
normally  requires  tight  coordination  between 
network,  system  and  application  personnel, 
making  it  a  process  that  is  prone  to  delay.  Blade 
servers  help  address  the  hardware  side  of  the 
problem,  since  blades  are  typically  hot-plug¬ 
gable,  while  iControl  addresses  the  application 
end.  Additionally,  BIG-IP's  dynamic  server 
allocation  and  load  balancing  algorithm  can 
bring  applications  online  automatically  when 
user  thresholds  are  met.  For  example,  if  a  Web 
server  is  experiencing  an  abnormally  high  load, 
BIG-IP  could  automatically  pull  additional  Web 
server  power  from  the  virtual  pool  of  resources  - 
all  without  manual  intervention. 

AVAILABILITY,  SCALABILITY,  SECURITY 
In  addition  to  its  dynamic  load  balancing  algo¬ 
rithms,  BIG-IP  has  flexible  rules  as  well  as  applica¬ 
tion  and  server  health  monitoring  capabilities 
to  intelligently  direct  traffic  to  the  optimal 
individual  server  at  any  given 
point  in  time.  BIG-IP  also  has 
extensive  failover  capabilities, 
enabling  it  to  redirect  traffic 
around  failed  servers  or  applica¬ 
tions  and  to  ensure  that  a  down 
server  or  application  doesn't 
affect  the  user  experience.  In  short, 
BIG-IP  increases  overall  server  avail¬ 
ability  and  scalability,  as  well  as 
performance. 

BIG-IP  software  also  helps 
address  the  number  one  concern 
for  many  enterprises  these  days  - 
security.  For  starters,  BIG-IP  can 
offload  the  encryption  and 
decryption  of  SSL  traffic  from  indi¬ 
vidual  servers.  That  saves  process¬ 
ing  power  on  the  individual  Web 
servers  that  no  longer  have  to 
process  SSL  requests.  It  also 
enables  the  enterprise  to  save 


money  on  SSL  certificates — which  cost  an  aver¬ 
age  of  $1,000  apiece — because  they  need  only 
one  for  the  BIG-IP  implementation  instead  of 
individual  certificates  for  each  server  that  handles 
SSL-enabled  applications. 

Other  features  built  into  BIG-IP,  such  as  its 
Universal  Inspection  Engine,  enable  the  software 
to  look  for  viruses,  malformed  payloads  and  other 
potentially  dangerous  types  of  traffic.  BIG-IP  also 
protects  against  denial  of  service  (DOS)  attacks 
with  its  SYN  Check  feature,  which  proxies  Layer  4 
and  Layer  7  connections  until  they  are  authenti¬ 
cated.  In  other  words,  BIG-IP  lets  the  good  traffic 
through  and  keeps  the  bad  traffic  out. 

RETURNING  TO  ITS  ROOTS 

In  many  respects,  BIG-IP  Blade  Controller 
represents  a  return  to  F5's  origins.  While  the 
company  has  always  focused  on  producing  soft¬ 
ware  that  improves  application  performance, 
availability,  reliability  and  security,  it  originally 
married  its  software  with  high-performance 
hardware  platforms,  delivering  its  products 
in  an  appliance  format.  The  strategy  proved 
effective,  earning  F5  high  marks  from  its 
customers  as  well  as  the  analyst  community. 

"We  still  consider  F5  to  be  the  thought 
leader  in  the  market.  It  continues  to  add  to  a 
broad  product  offering  and  includes  a  dizzying 
group  of  features,  some  of  which  competitive 
vendors  have  built  entire  product  offerings 
around,"  reports  Gartner,  Inc.  in  its  November 
2002  "Web  Optimization  Magic  Quadrant" 
report,  which  positions  F5  as  the  market  leader. 
"We  are  also  seeing  the  fruits  of  F5's  iControl 
strategy.  Tangible  examples  of  partner  and 
end-user  integration  of  iControl's  functionality 
are  emerging." 

The  market  research  firm  ZapThink  LLC, 
based  in  Waltham,  Mass.,  likewise  has  words 
of  praise  for  BIG-IP,  iControl  and  3-DNS  in  its 
May  2003  report,  "Optimizing  Web  Services  in 
the  Enterprise."  "F5  Networks'  products  tran¬ 
scend  the  current  understanding  of  what  a 
network  device  does  and  its  role  in  the  enter¬ 
prise  architecture,"  the  report  says.  "F5  is 
facilitating  the  optimization  of  Web  services 
in  the  enterprise  and  helping  to  make  the 
secure,  efficient  and  reliable  integration  of 
systems  a  reality." 


TYING  IN  THE  APPS  WITH  iCONTROL 


The  F5  iControl  interface  enables  BIG-IP  to  integrate  with  custom 
and  packaged  applications,  creating  a  tightly-integrated  environ¬ 
ment  that  reduces  hardware  and  application  provisioning  time  and 
delivers  total  control  of  Internet  traffic. 


Learn  more  about  F5’s  BIG-IP  Blade  Controller  and  the  rest  of  the  F5  product  family 

Go  to:  www.f5.com/nwwbc 
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Rock  the  'Net  vote 


I  live  in  Santa  Clara  County  in  California. 
This  year  we  are  switching  from  punch 
card  voting  (the  stuff  which  caused  all 
those  problems  in  Florida  four  years  ago) 
to  computerized  voting  terminals  with 


touch  screens.  I've  tried  them,  and  they’re 
marvelous  tools. 

I  especially  like  that  when  you  are  fin¬ 
ished  and  tell  the  machine  to  record  your 
vote,  it  displays  a  summary  and  asks  if 


VoIP  wins  in  a 
knockout! 


Zultys  is  the  technology  leader  in  the  IP  telephony  space, 
and  we  have  the  awards  to  prove  it. 

When  we  launched  our  first  product  a  year  ago  we 
promised  to  deliver  the  best  IP  telephony  products.  Since 
then,  we  have  launched  5  new  products  along  with  the 
industry’s  most  innovative  licensing  plan.  Each  product  is 
based  on  open  standards  and  has  been  proven  to  be  easy 
to  install  and  use. 

MX1200 — the  world’s  first  Enterprise  Media  Exchange. 

MX250 — the  Media  Exchange  designed  specifically  for 
the  smaller  site. 

ZIP  4x4 — the  world’s  most  highly  functional  IP 
telephone. 

ZIP  2 — the  affordable  IP  phone  for  any  business 
application. 

LIPZ4 — free  soft  phone  for  Linux:  www.lipz4.com. 

Call  us  today  to  find  out  how  your  organization  can 
benefit  from  the  winning  communications  solutions 
available  from  Zultys. 
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Zultys  Technologies 

771  Vaqueros  Avenue 
Sunnyvale,  CA  94085 
USA 

Tel: + 1  -408-328-0450 
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you’re  sure  that’s  what  you  want  to  do.  In 
many  ways,  it  resembles  some  of  the  better 
e-commerce  Web  sites. 

David  Dill  is  a  professor  of  computer  sci¬ 
ence  at  Stanford  University,  which  also  hap¬ 
pens  to  be  in  Santa  Clara  County  He  knows 
that  computers  can  be  tampered  with  and 
is  on  a  mission  to  be  sure  the  rest  of  the 
world  also  knows  that. 

But  what  Dill  and  others  like  him,  namely 
Johns  Hopkins  University  computer  secur¬ 
ity  expert  Aviel  Rubin,  overlook  are  two 
important  issues.  First,  the  general  press 
(newspapers,  news  magazines,  ABC,  CBS, 
CNN,  Fox  and  NBC)  doesn’t  understand 
computers  or  security  so  they  simplify  the 
message,  which  tends  to  come  out  as: 
“Computers  will  deal  death  to  demo¬ 
cracy!”  More  importantly,  though,  is  the  sec¬ 
ond  issue  —  while  computerized  voting 
isn’t  completely  secure,  it’s  more  secure 
and  more  reliable  than  any  other  method 
we’re  currently  using. 

Dill  led  a  movement  to  force  California 
counties  to  add  printers  to  the  computer¬ 
ized  voting  terminals  so  that  voters  would 
have  a  hard  copy  of  their  vote.This  printout 
could  also  be  placed  in  a  sealed  box  to  use 
for  a  possible  recount.  We  could,  I  suppose, 
call  these  printouts  “ballots,”  and  the  sealed 
receptacles  “ballot  boxes.” 

Politicians  learned  how  to  stuff  ballot 
boxes  even  before  there  were  computers. 
Why  should  these  be  any  different?  In 
other  words,  why  is  this  more  reliable  than 
the  machine  totals  themselves?  I’m  also 
not  aware  of  any  other  voting  system  that 
includes  an  alternative  back-up  system. 
Certainly  punched  cards  don’t,  as  we  saw 
in  the  Florida  fiasco  in  2000.  But  neither  do 
paper  ballots  or  totalizator  machines  — 
both  of  which  also  are  easily  hacked  by  a 
knowledgeable  person. 

The  bottom  line  is  that  computerized  vot¬ 
ing  machines  —  even  those  running  Micro¬ 
soft  operating  systems  —  are  more  secure 
and  more  reliable  than  any  other  “secret 
ballot”  vote  tabulation  method  we’ve  used 
in  the  past.  Spread  the  word. 

Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at 
wired@vquill.  com. 


Tip  of  the  Week 


Tip  of  the  week:  According 
to  a  number  of  speakers 
I  at  the  Digital  Democracy 
■  Teach-in  in  San  Diego  a  few 
I  weeks  ago  (www.oreillynet. 

!  com/et2004/)  the  Howard 
Dean  bubble  was  caused  by 
I  folks  who  thought  he  was 
|  running  for  “President  of  the 
|  Internet."  It  was  fun  watch- 
i  ing  the  blognoscenti  admit 
v  they  got  it  wrong! 


Our  new  OptiView  Network  Analysis  Solution 
integrates  packet  capture,  statistical  analysis 
and  network  discovery  so  you  can  see  your  entire 
enterprise  in  one  amazing  view,  fast.  No  need  to 
open  multiple  applications.  It's  all  right  there  before 
your  eyes,  on  one  console.  It  even  integrates  your 
tools  from  other  vendors  into  a  comprehensive 
solution  of  portable  and  distributed  software  and 
hardware  that  produces  unprecedented  network 
vision.  Tough  to  install  and  use?  Nope.  Flexible  and 
scalable?  Totally.  Buy  only  the  components  you 
need  now  and  add  more  analysis  power  as  your 


network  grows.  To  see  how  your  network  is 
performing  at  warp  speed,  you  really  ought  to  check 
this  out.  It's  Network  Supervision  at  its  finest. 
And  fastest. 

Seeing  is  believing. 

Go  to  www.flukenetworks.com/optiviewsolutions 
to  see  our  new  demo  now. 


NETWORKSUPERVISION 
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“Check  Point  Express  brings 
enterprise-class  security  to 
the  mid-sized  company  at  a 
price  and  performance  level 
that  meets  their  needs!’ 


Charles  Kolodgy,  Research  Director, 
Security  Products,  I  DC 


Complete  solutions 
Best  security. 
Highly  reliable. 
Cost  effective. 
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We  Secure  the  Internet. 


Secure  your  business  with  Check  Point  Express. 

Your  business  deserves  the  best  security  solution  available  today:  Check  Point  Express’?  Designed  for  companies  with 
100-500  employees,  Check  Point  Express  protects  your  business  with  the  same  superior  firewall  and  VPN 
technology  that  secures  97  of  the  Fortune  100.  Yet  it’s  priced  right  for  mid-size  businesses.  With  Check  Point  Express, 
you’ll  get  performance  you  can  always  rely  on,  and  security  you  don’t  have  to  worry  about.  Its  unique  features  include 
intelligent  network  and  application-level  protection.  And  its  intuitive  interface  simplifies  every  aspect  of  security 
management.  There  is  no  better  way  to  secure  your  critical  network  resources  and  connect  remote  users  and  sites. 
See  for  yourself.  Compare  Check  Point  Express  to  competing  offerings  at  www.checkpoint.com/compareexpress. 

Check  Point  Express  comes  pre-installed  on  appliances  from  Sun  and  Nokia 
SHGHBB9SB9  and  runs  on  open  servers  from  Dell,  IBM,  and  other  leading  manufacturers. 
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Internet  EDI:  Blending  old  and  new 


■  BY  ANN  BEDNARZ 

Wal-Mart  is  the  only  U.S.  retailer  that  sells 
Mary-kateandashley  One,  a  new  fragrance 
branded  by  twin  teenage  entertainment 
moguls  Mary-Kate  and  Ashley  Olsen.  Be 
hind  the  scenes,  fragrance  and  cosmetics 
manufacturer  Coty  depends  on  a  hybrid 
business-to-business  system  that  combines 
new  standards  and  old  technology  — 
older  than  the  Olsen  twins,  in  fact  —  to 
keep  Wal-Mart  s  shelves  adequately  stocked 
with  the  fragrance. 

The  old  part  of  the  technology  hybrid  is 
the  data  format:  Coty  uses  the  electronic 
data  interchange  standard  to  process  ord¬ 
ers  electronically  with  Wal-Mart.  An  e-com¬ 
merce  staple,  EDI  has  been  around  for 


■  IBM  last  week  launched  an  Auto¬ 
nomic  Computing  Toolkit  to  help 
customers  build  self-healing  computer 
systems.  Based  on  the  Eclipse  open 
source  framework,  IBM's  autonomic 
tool  kit  will  work  with  the  IBM  Soft¬ 
ware  Development  Platform  and  is 
designed  to  help  customers  add  auto¬ 
nomic  elements  to  their  applications. 
The  tool  kit  contains  embeddable  com¬ 
ponents,  tools,  usage  scenarios  and 
documentation.  The  tool  kit,  which 
supports  IBM  AIX,  Linux  on  Intel  sys¬ 
tems  and  Windows  2000  platforms, 
also  includes  online  tutorials  and  user 
guides  to  help  developers.  It  is  avail¬ 
able  at  www.ibm.com/autonomic. 
Upgraded  versions  will  be  released 
throughout  the  year,  IBM  said. 

■  Enterprise  instant-messaging  ven¬ 
dor  IMIogic  last  week  demonstrated 
a  product  that  lets  customers  build  IM 
capabilities  into  their  applications.  The 
product,  called  IM  Linkage,  lets  pres¬ 
ence  and  messaging  capabilities  from 
multiple  IM  networks  be  integrated 
with  Java  2  Platform  Enterprise  Edi¬ 
tion,  Microsoft  .Net  or  Web-services- 
based  applications.  General  release  of 
IM  Linkage  is  planned  for  the  end  of 
the  second  quarter.  Pricing  will  be 
announced  then. 


more  than  20  years  as  a  standardized  way 
for  trading  partners  to  transmit  business 
documents  and  forms  such  as  purchase 
orders,  invoices  and  shipping  notices. 

What’s  new  in  Coty’s  setup  is  the  transport 
mechanism:  Coty  is  swapping  EDI  mes¬ 
sages  with  Wal-Mart  over  the  Internet,  rather 
than  using  a  value-added  network  (VAN). 
Traditional  EDI  goes  hand  in  hand  with  a 
VAN;  retailers  and  suppliers  typically  de¬ 
pend  on  a  VAN  provider’s  private  network 
services,  which  assure  the  secure  transmis¬ 
sion  of  documents. 

The  Internet  has  made  that  dependence 
fade.  Companies  are  looking  to  move  some 
or  all  of  their  EDI  transactions  to  the  Inter¬ 
net  because  the  technology  costs  less  than 
VANs  and  is  relatively  simple  to  implement. 
While  VAN-based  EDI  traffic  is  roughly  flat, 
Internet  EDI  transactions  are  growing  at  an 
annual  rate  of  50%  to  60%,  according  Meta 
Group. 


■  BY  JOHN  FONTANA 

Corporate  users  are  looking  for  hardware 
and  software  they  say  is  critical  to  building 
scalable  infrastructure  to  support  the 
secure  integration  of  data  and  applications 
using  Web  services. 

The  goal  is  to  create  a  layer  of  middle¬ 
ware  as  part  of  a  service-oriented  architec¬ 
ture  (SOA)  that  will  enforce  policies  and 
rules  at  wire  speed  for  services  such  as 
security,  routing  and  workflow.  Applications 
based  on  Web  services  can  plug  into  the 
middleware  layer,  which  will  support  reuse 
of  components  and  services  and  make  it 
easier  to  compile  Web  services  into  com¬ 
posite  applications. 

Vendors  are  rushing  to  provide  the  pieces 
for  that  layer.  Last  week,  Blue  Titan  Software 
and  DataFbwer  unveiled  plans  to  integrate 
their  products.  Blue  Titan  develops  soft¬ 
ware  for  Web  services  management  while 
DataFbwer  builds  network  hardware  for 
secure  XML  message  processing  and  accel- 
eration.The  companies  will  create  a  single 
management  interface  that  will  be  avail¬ 
able  this  summer,  and  by  year’s  end 
DataFbwer’s  XS40  hardware  will  become 
the  policy  enforcement  control  point  for 
Blue  Titan’s  Network  Director  software.The 
two  companies  deny  a  full-scale  merger  is 
in  the  offing. 


The  primary  appeal  of  Internet  EDI  is  that 
it  reduces  companies’  reliance  on  VANs 
and  their  associated  fees.  Internet  EDI  also 
makes  it  easier  for  companies  to  conduct 
business  electronically  with  smaller  part¬ 
ners  that  don’t  have  sophisticated  IT  infra¬ 
structures.  Although  traditional  EDI  re¬ 
quires  each  trading  partner  to  install  com¬ 
plex,  proprietary  software,  Internet-based 
EDI  lets  companies  conduct  EDI  through  a 
Web  browser  or  by  installing  basic  client 
software. 

Another  advantage  of  Internet  EDI  is  it 
lets  a  company  migrate  some  of  its  part¬ 
ners  to  the  Web  while  maintaining  other 
proprietary  connections  in  situations  that 
demand  it. 

In  response  to  demand,  a  number  of  ven¬ 
dors  —  start-ups  and  established  VAN 
providers  looking  to  expand  their  portfolio 
—  offer  software  and  hosted  services  for 
Internet  EDI,  including  ADX,  bTrade, 


“The  integration  allows  us  to  create  com¬ 
posite  applications  [based  on  Web  ser¬ 
vices]  in  a  secure  fashion  that  enables  data 
and  process  integration,"  says  a  senior  IT 
executive  with  a  Fortune  500  company 
who  asked  not  to  be  identified. The  execu¬ 
tive  says  his  company  is  building  a  SOA 
and  adapting  homegrown  sales,  financial 
and  marketing  applications  to  take  advan¬ 
tage  of  it.’AIl  new  applications  that  get  built 


Cyclone  Commerce,  GXS,  iSoft  and  Sterling 
Commerce. 

Driving  the  trend  to  Internet  EDI  are  man¬ 
dates  from  influential  companies  —  in¬ 
cluding  Wal-Mart.  As  of  the  end  of  2003, Wal- 
Mart  requires  many  of  its  suppliers  to  send 
and  receive  EDI  data  via  the  Web.  Specific¬ 
ally  Wal-Mart  requires  the  use  of  Internet 
EDI  software  that  adheres  to  Applicability 
Statement  2  (AS2). 

AS2  is  a  draft  specification  that  describes 
how  to  create  a  connection  and  securely 
transport  an  EDI  file  over  the  Internet.  AS2 
provides  security  for  the  transport  of  HTTP 
packets  through  digital  signatures  and  data 
encryption.  AS2  also  provides  for  non-repu¬ 
diation  —  proof  that  a  transaction  was  per¬ 
formed  at  a  certain  time  and  by  legitimate 
parties  —  through  the  use  of  receipts. 

The  AS2  specification  was  developed  by 
the  lETF’s  EDI  over  the  Internet  (EDIINT) 

See  EDI,  page  30 


adhere  to  the  SOA,”  the  executive  says. The 
SOA  includes  shared  services,  federated 
control,  a  common  security  model  and  in¬ 
terface  language, and  the  loose  coupling  of 
application  components. 

The  executive  says  building  an  SOA  is  a 
three-  to  four-year  project  and  that  pieces 
are  still  maturing, such  as  business-process 
automation  software  from  vendors  such  as 
See  Components,  page  30 


Internet  routing  table  growth  projections 

Analyst  firm  New  Rowley  Group  says  a  layer  is  needed  in  a  SOA  that  will 
enforce  policies  and  rules  in  a  uniform  manner.  This  so-called  services 
infrastructure  layer  will  be  made  up  of  a  set  of  inexpensive  control 
points  running  servers  or  dedicated  hardware  that  will  handle: 

Security:  Control  points  will  intercept  XML  messages,  verify  authors  and 
authenticity,  and  perform  encryption  and  decryption. 

Routing  optimization:  Messages  will  be  examined  to  determine  where  to  send 
them,  based  on  such  factors  as  load  balancing  or  a  sender’s  service-level  ranking. 

Transformation:  Message  formats,  or  schemas,  can  be  changed  to  facilitate 
the  sharing  of  data. 

Workflow:  Will  add  intelligence  to  messages  needed  to  create  composite 
applications. 

Monitoring  and  management:  Control  points  will  provide  data  to  monitor  . 
manage  collection  of  Web-services-based  software. 


Web  services  components  coming 
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Vendors  automate  patch  mgmt. 


■  BY  DENISE  DUBIE 

With  viruses  such  as  the  Blaster 
worm,  Sircam  and  Code  Red  costing 
companies  billions  of  dollars  in  dam¬ 
age,  server  and  desktop  management 
vendors  are  looking  to  take  advantage 
of  an  expected  surge  in  demand  for 
patch-management  products. 

Marimba  this  week  is  expected  to 
unveil  its  Security  Patch  Management 
software,  and  last  week  Altiris  added  sec¬ 
urity  features  to  its  Client  Management 
Suite  6  software  that  let  customers  write 
policies  for  distributing  software  up¬ 
dates  and  patches  to  multiple  machines. 

Meta  Group  estimates  that  40%  of  IT 
organizations  will  have  implemented 
dedicated  patch-management  process¬ 
es  on  servers  by  next  year,  with  that  num¬ 
ber  growing  to  75%  and  including  desk¬ 
tops  by  2007.  Gartner  predicts  that  by 
2007  the  market  for  patch-management 
tools  will  quadruple  from  2002  levels  to 
more  than  $40  million  in  new  license 
revenue. 

Experts  say  users  need  help  automat¬ 
ing  the  patch-management  process. 
According  to  CERT,  about  95%  of  net¬ 


work  intrusions  are  caused  by  exploita¬ 
tion  of  known  vulnerabilities  and  incor¬ 
rectly  configured  assets. 

Meanwhile,  Altiris  updated  its  server 
and  desktop  management  product  so 
that  it  can  inform  network  managers  of 
the  effect  an  unpatched  machine 
would  have  on  the  entire  network,  for 
instance.  Because  the  Altiris  suite 
includes  software  distribution  and 
inventory  capabilities,  the  company 
says  the  software  can  scan  networks  for 
vulnerable  machines  based  on  license 
compliance  and  automatically  send  the 
most  recent  patches. 

Altiris  consists  of  centralized  server 
software  and  agents  installed  on  man¬ 
aged  clients,  such  as  desktops,  servers 
and  mobile  devices.  Network  managers 
access  data  and  administer  the  product 
via  a  Web-based  interface,  which  the 
company  also  upgraded  to  customize, 
based  on  user  security  clearance,  man¬ 
agement  preferences  and  other  metrics. 

Scheduled  to  be  available  by  the  end 
of  next  month,  Altiris  Client  Manage¬ 
ment  Suite  6  pricing  starts  at  $80  per 
managed  node. 

Marimba’s  new  product  is  built  on  the 


company’s  server  and  desktop  manage¬ 
ment  software.  Security  Patch  Manage¬ 
ment  is  a  patch-only  product  that  com¬ 
petes  with  BigFix,  Configuresoft  and 
PatchLink,  while  Marimba’s  entire  soft¬ 
ware  distribution  suite  also  puts  it  in 
competition  with  Altiris,  LanDesk  and 
Novadigm. 

The  company  says  its  software  can 
automate  the  collection, testing, auditing 
and  deployment  of  patch  data.  Using 
centralized  server  software  and  agents 
installed  on  managed  devices,  the  soft¬ 
ware  gathers  information  about  soft¬ 
ware  licenses,  known  vulnerabilities  and 
interdependencies  among  managed 
nodes  on  a  network. 

Security  Patch  Management  also  will 
alert  network  managers  when  there  is  a 
conflict  among  patches  and  operating 
systems,  if  a  machine  needs  prerequi¬ 
site  patches  for  an  upgrade  and  the 
effect  of  rolling  out  patches  on  any 
managed  client,  the  company  says. 

Currently  in  beta  tests,  Security  Patch 
Management  is  scheduled  to  be  gener¬ 
ally  available  by  the  middle  of  next 
month.  Pricing  for  the  software  starts  at 
$35  per  managed  endpoint.  ■ 


Components 
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BEA  Systems,  IBM,  Oracle,  SeeBeyond  Tech¬ 
nologies,  Sonic, Tibco  and  webMethods. 

“This  is  the  type  of  infrastructure  that  all  service- 
enabled  applications  will  plug  into,”  says  Tom 
Rhinelander,  an  analyst  with  New  Rowley  Group. 
He  calls  the  infrastructure  the  service  infrastruc¬ 
ture  layer  (S1L),  which  is  consists  of  a  number  of 
control  points  that  intercept  XML  traffic  and 
decide  what  to  do  with  it.“The  SIL  can  route,  load 
balance,  provide  security  and  enforce  policy.  It’s 
SOA  middleware,”  he  says. 

Others  also  are  looking  to  plug  into  or  provide 
infrastructure  for  that  layer. 

This  week,  Westbridge  Technology  is  expected  to 
unveil  its  new  XA  2700  Web  services  management 
and  XML  firewall  appliance  and  a  partnership  to 
integrate  it  with  RSA  Security’s  ClearTrust  Web 
access  management  software. 

The  announcement  comes  on  the  heels  of  the 
acquisition  by  Web  access  management  vendor 
Oblix  of  Web  services  management  provider 
Confluent  just  two  weeks  ago. 

Oblix  says  it  intends  to  build  a  single  access- 
control  point  that  could  plug  into  or  live  on 
that  SIL  layer  to  secure  user-to-application  com¬ 
munication  and  application-to-application  com¬ 
munication  based  on  Web  services.  Oblix  com¬ 
petitor  Netegrity  is  trying  to  provide  similar  fea¬ 
tures  with  its  SiteMinder  and  TransactionMinder 
products.  ■ 


Internet  EDI  expands  B2B  options 


Companies  can  supplement  existing  VAN-based  EDI  platforms  with  AS2-compliant 
software  that  enables  simpler,  less-expensive  Internet  transactions. 


ERP  system 
server 


AS2-compliant  Internet  EDI  soft¬ 
ware  typically  sits  on  a  server  in 
front  of  a  company’s  EDI  infra¬ 
structure,  which  handles  data 
translation  and  processing.  AS2 
describes  how  to  create  a  secure 
connection  and  transport  data. 


EDI  software 
server 


VAN-based  trading  partner 
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Legacy  VAN  connections  require  propriety 
software  at  both  sites  and  incur  per- 
transaction  charges. 


For  trading  partners  with  basic 
connection  needs,  Internet  EDI 
requires  only  a  browser. 


AS2  software 
server 


Receipt 


AS2-compliant 
trading  partner 


EDI 
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working  group,  which  was  formed 
in  1996  to  create  a  set  of  secure 
standards  for  sending  EDI  data 
over  the  Internet.  Its  predecessor 
is  the  AS1  specification,  which 
details  how  vendor  applications 
should  securely  exchange  busi¬ 
ness  messages  over  the  Internet 
using  Simple  Mail  Transfer  Proto¬ 
col  (SMTP).The  AS2  specification 
references  AS1  packaging  and 
security  standards  and  defines 
how  to  use  HTTP  instead  of  SMTP 
to  transport  this  data. 

Coty  is  one  of  thousands  of  sup¬ 
pliers  affected  by  the  Wal-Mart 
mandate.  Coty  began  investigat¬ 
ing  transmitting  EDI  over  the  Inter¬ 
net  in  2002,  when  Wal-Mart  and 
another  of  its  customers  put  the 
effort  on  the  fast  track,  says  Bob 
Beachler,  manager  of  logistics 
technology  at  the  $1.5  billion 
New  York  company. 

In  addition,  Coty  customer 
Meijer  Stores,  a  grocery  and  gen¬ 
eral  merchandise  retailer,  was  en¬ 
couraging  its  suppliers  to  forego 
VANs,  Beachler  says.  Meijer  didn’t 
mandate  that  its  suppliers  change 
to  Internet-based  EDI, but  added  a 
financial  burden  to  those  that  did¬ 
n't  make  the  switch.  VANs  carry 
monthly  and  per-message  or  per- 
character  fees;  each  party  pays  for 
sending  and  receiving  messages. 


Suppliers  who  stayed  with  VANs 
would  be  responsible  for  paying 
all  transaction  fees,  Beachler  says. 

Transaction  fees  are  significant 
for  Coty  where  EDI  is  standard 
operating  procedure.  The  compa¬ 
ny’s  Sanford,  N.C.,  manufacturing 
and  distribution  facility  annually 
processes  more  than  1.5  million 
orders,  98.3%  of  which  are  in  EDI 
format,  Beachler  says. 

Coty  uses  AS2  to  conduct  busi¬ 
ness  with  six  of  its  customers, 
which  represents  about  40%  of 
the  company’s  total  transaction 
volume.  For  Coty  to  conduct  busi¬ 
ness  with  a  typical  midrange  cus¬ 
tomer  over  a  VAN  costs  about 
$300  per  month,  he  says.  Mean¬ 
while,  the  company  spent  $22,000 
on  AS2-based  Internet  EDI  soft¬ 
ware  from  iSoft.That  deal  lets  for 
the  company  connect  to  its  first 
11  partners;  adding  additional 
partners  costs  about  $1,000  for 
each  connection. 

The  primary  advantage  is  that 
the  iSoft  fees  are  one-time  charges 
vs.  ongoing  VAN  charges,  Beachler 
says. “We  all  need  a  way  to  move 
information  back  and  forth,  even 
more  so  in  future,”  Beachler  says. 
“If  we  can  do  it  a  little  cheaper, 
that’s  a  very  good  thing.  That’s  the 
key  thing  to  me.” 

Maturing  standards 

AS2  still  has  some  maturing  to 
do,  observers  say 


“One  of  things  that  we’re  look¬ 
ing  forward  to  in  the  develop¬ 
ment  of  ED1INT  is  more  sophisti¬ 
cated  and  helpful  management 
of  a  lot  of  the  security  parameters 
and  information  that  has  to  be  ex¬ 
changed  between  trading  part¬ 
ners,”  says  David  Walling,  CTO  at 
iSoft.  For  example,  vendors  have 
devised  different  ways  of  ex¬ 
changing  public-key  certificates, 
because  it  was  not  originally 
specified  in  the  AS2  draft,  he  says. 

Walling  also  expects  users  will 
begin  to  use  AS2  to  transport  non- 


EDI  data,  such  as  XML.  Although 
AS2  today  is  used  primarily  to 
send  EDI  data,  it  is  not  limited  to 
EDI  data. 

Nor  is  AS2  limited  to  inter-com¬ 
pany  transactions.  For  example, 
Coty  uses  iSoft  Commerce  Suite 
in  its  communications  between 
distribution  centers. 

Companies  increasingly  are 
using  AS2  to  secure  data  as  it 
moves  within  corporate  bound¬ 
aries  —  such  as  between  legacy 
processing  platforms,  Walling 
says.“AS2  is  a  secure,  reliable  pro¬ 


tocol  for  moving  data  on  an  IP 
network  using  HTTP,”  he  says. 
“That  doesn’t  have  to  be  the 
Internet,  it  could  be  an  intranet  or 
a  LAN  within  an  organization." 

Data  probably  moves  more 
within  the  organization  than  it 
does  between  organizations,  Wal¬ 
ling  says.  “Companies  are  recog¬ 
nizing  that  it’s  of  great  value  to  be 
able  to  demonstrate  that  data  was 
moved  within  their  organization 
securely  and  reliably,  and  that 
they  have  some  audit  trail  to 
prove  it,”  he  says.  ■ 


10  gigabit  uplink  option 


THE  SUMMIT®  400  -  THE  PEAK  OF  NETWORK  PERFORMANCE 


Extreme  Networks  is  revolutionizing  the  networking  industry  with 
the  highest  performance  Layer  3  10/100/1000  fixed  configuration 
edge  switch,  with  the  industry's  first  and  only  modular  10  gigabit 
uplink  option.  The  Summit  400,  designed  for  enterprise  networks 
deploying  gigabit  to  the  desktop,  enables  customers  to  fearlessly 
deploy  Gigabit  Ethernet  to  the  edge  today,  and  have  the  added  peace 
of  mind  that  they  can  fully  performance-enable  their  wiring  closet 
infrastructure  through  future  upgrades.  How’s  that  for  a  switch ? 


GO  BEYOND 
WITH  EXTREME  NETWORKS 

Contact  Extreme  Networks  at 
1.888.257.3000  or  visit  us  on  the  web  r 

www.extremenetworks.com/go/suni400  : 


©  2004  Extreme  Networks,  Inc  Ail  Rights 
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Tired 


putting 
out 
fires?, 


those  who  know  how  to  look. 

The  basic  idea  behind  CAPPS  II  is  that 
airline  passengers  will  be  asked  to  provide 
their  full  name,  addresses,  phone  number 
and  date  of  birth  and  don’t  be  surprised  if 
your  underwear  size  is  next.  This  informa¬ 
tion  will  be  sent  to  a  commercial  database 
company,  such  as  Acxiom,  when  travelers 
try  to  check  in.  The  company  attempts  to 
confirm  the  travelers  identity  using  in¬ 
formation  in  its  database.  Information  from 
the  commercial  database  and  from  federal 
databases  then  will  be  used  to  fit  the  trav¬ 
eler  into  one  of  three  groups,  such  as 
green, yellow  and  red  tags. 

Travelers  who  register  green  would  be 
subject  to  normal  screening  and  those 
who  come  up  yellow  would  get  closer  in¬ 
spection.  Those  who  come  up  red  would 
be  barred  from  getting  on  the  plane. 

You  better  hope  that  you  have  not  been 
the  victim  of  identity  theft,  where  the  thief 
does  something  that  sets  off  the  red  paint 
gun.  You  could  suddenly  be  stranded  in 
Newark  involved  in  a  very  long  conversa¬ 
tion  with  some  people  who  are  trained  to 
doubt  your  honesty. 

Quite  a  few  organizations  have  come  out 
against  this  plan  and  not  just  the  ACLU. 
Former  Republican  Congressman  Bob  Barr, 
hardly  a  liberal  firebrand,  has  expressed 
severe  concerns  about  the  potential  for  vio¬ 
lating  travelers’  civil  rights.  In  addition,  the 
Congressional  General  Accounting  Office 
says  that  the  system  was  nowhere  near 
ready  for  prime  time.  But  this  column  is  not 
about  my  dislike  for  this  kind  of  computer¬ 
ized  Big  Brother  environment.  It  is  about  the 
information  on  you  that  is  already  laid  out 
for  harvesting  on  the  Internet  by  compa¬ 
nies  such  as  Acxiom. 

Fortune  has  what  can  be  best  described 
as  a  horror  story  about  Acxiom  in  its  Feb.  23 
issue.  Acxiom  admits  that  at  least  twice 
hackers  have  broken  into  its  systems  and 
absconded  with  records  about  millions  of 
Americans.  The  company  is  an  attractive 
target  because  it  has  more  than  20  billion 
records  about  our  activities  and  environ¬ 
ments.  Fortune  says  Acxiom  is  getting  seri¬ 
ous  about  security,  but  descriptions  of  what 
the  company  is  doing  do  not  impress  me. 

Acxiom  and  other  such  companies  will 
be  empowered  to  collect  even  more  infor¬ 
mation  about  you  by  the  money  and 
authority  of  the  government.  It  would  be 
ironic  if  the  collapse  of  the  U.S.  economy 
came  because  the  Russian  mafia  (an 
example  in  the  Fortune  story)  broke  into 
Acxiom  and  used  the  information  to 
destroy  the  credit  ratings  of  almost  all 
Americans.  Because  of  the  negative  infor¬ 
mation,  CAPPS  II  would  not  let  you  fly,  even 
if  your  credit  cards  worked. 

Disclaimer  Harvard’s  development  office 
would  be  quite  disappointed  if  the  credit 
rating  of  potential  donors  were  to  be  hurt, 
but  I  did  not  ask  them  about  this  topic. 


The  Department  of  Homeland  Security 
says  it  can  figure  out  if  you  are  a  ter¬ 
rorist  by  knowing,  among  other 
things,  how  big  your  apartment  is.  The  de¬ 
partment  plans  to  put  that  belief  into  prac¬ 


tice  this  summer  under  the  rubric  of  the 
Computer  Assisted  Passenger  Pre-Screen¬ 
ing  System  (CAPPS)  II,  ensuring  that  a 
smorgasbord  of  information  about  you 
and  me  is  available  over  the  Internet  for 
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most  successful  organiza¬ 
tions  rely  oil  OPNET,  includ¬ 
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government  and  defense 
agencies,  network  service 
providers,  and  network  R&D 


OPNET  identifies  the 
root-cause  of  end-to-end 
application  performance 
and  network  configuration 
problems. 


OPNET  also  predicts  the 
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cations,  devices,  and  configu¬ 
rations  on  performance. 
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tems.  He  can  be  reached  at  sob@sob.com. 
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built  to  fi 


NetScreen,  the  company  protecting  many 


of  the  world’s  largest  enterprises,  now  has 


Our  complete,  single  vendor  solutions  provide 
network  security  that’s  easily  managed. 


Reduces  costs.  And  most  importantly,  gives 


attacks.  Our  unequaled  solutions  for  large 


financial,  government  and  manufacturing 


networks  have  made  us  the  world’s  fastest 


growing  major  network  security  company 
over  the  last  two  years.  Now  there’s  no 


more  impenetrable  solution  for  your 


business.  Call  800.638.8296  or  visit 


www.netscreen.com/company/ad/impenetrable 


Intrusion  Detection  and  Prevention 


Antivirus 


Central  Management 
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ADVERTISEMENT 


Automating  for  ROI 

IDC  finds  customers  get  dramatic  productivity  gains  and  cost  savings  from 
Lucent  Technologies  VitalQIP™  automated  IP  management  software. 


VitalQIP  delivers  savings,  rapid  ROI 


Average  per  1 00  users 

IT  productivity  savings 

$17,074 

User  productivity  savings 

$32,068 

IT  efficiency  savings 

$2,424 

Other  cost  savings 

$1,196 

Total  savings 

$52,762 

Net  present  value  of  savings 

$37,522 

Total  investment 

$4,033 

ROI 

930% 

Payback 

106  days 

Source:  IDC,  2004 

Lucent  Technologies  VitalQIP™  DNS/DHCP  &  IP 
Address  Management  software  consolidates  all  your  IP 
address  management  information  into  a  single,  shared 
database.  The  software  gives  you  the  tools  you  need  to 
manage  your  network  more  efficiently  while  maintain¬ 
ing  the  same  or  better  level  of  service.  After  in-depth 
conversations  with  leading  enterprise  customers,  the 
research  firm  IDC  confirmed  a  simple  fact:  VitalQIP™ 
software  helps  you  get  the  most  return  out  of  your 
infrastructure  investments. 

VitalQIP™  software  makes  it  easier  for  administra¬ 
tors  to  keep  track  of  IP-based  resources  while  improv¬ 
ing  service  reliability  and  performance.  IDC  deter¬ 
mined  that  the  average  VitalQIP™  software  user 
gained  extensive  operational  benefits,  leading  to  a 
dramatic  930%  return  on  investment  and  a  payback 
period  of  less  than  four  months. 

In  addition  to  these  quantifiable  savings,  VitalQIP™ 
software  helps  IT  keep  pace  with  business  require¬ 
ments  to  manage  new  technologies,  mergers  and 
acquisitions,  and  seemingly  constant  change. 

Reduce  security  risks,  increase  IT  productivity 

Technologies  such  as  Voice  over  IP  (VoIP)  and  wireless 
LANs  (WLAN)  can  increase  an  enterprise's  security  risk 
by  opening  new  doors  into  the  network.  They  also 
increase  the  number  of  devices  and  IP  addresses  IT  must 
manage,  threatening  IT  staff  productivity. 

VitalQIP™  software  addresses  these 
issues  head-on,  improving  IT  staff  produc¬ 
tivity  by  automating  and  centralizing  the 
IP  address  management  process.  Updates 
to  the  system's  central  database,  including 
moves,  adds  and  changes,  are  processed 
by  distributed  DNS/DHCP  servers,  auto¬ 
mating  what  is  traditionally  a  manual, 
time-consuming  chore. 

The  centralized  database  also  aids  in 
troubleshooting  and  capacity  manage¬ 
ment,  helping  IT  staff  quickly  get  to  the 
root  of  any  problem  and  avoid  outages  in 
the  first  place.  To  improve  security,  the 
database  helps  administrators  find  discrep¬ 
ancies  in  address  data  and  stranded  assets. 
It  also  enables  IT  to  centrally  establish  rules 
detailing  who  is  authorized  to  make 
changes  that  affect  network  access. 
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Learn  more  about 

Lucent  Technologies 
award-winning 
VitalQIP™  software 


Download  the  complete  IDC  white  paper, 
"Determining  the  Return  on  Investment  for 
Automated  IP  Address  Management." 

Go  to:  www.nwfusion.com/lucent/QIP 


Quick  payback,  big  ROI 

The  benefits  also  extend  to  end  users,  such  as  by 
decreasing  application  downtime  and  problems  requir¬ 
ing  help  desk  assistance.  On  average,  IDC  found  cus¬ 
tomers  employing  VitalQIP™  software  realized  a  2% 
increase  in  end  user  productivity.  Combined  with  sig¬ 
nificant  improvements  in  IT  staff  productivity,  reduced 
IT  staff  requirements  and  other  cost  savings,  IDC  calcu¬ 
lated  an  average  ROI  of  930%  and  payback  period  of 
just  106  days. 

Companies  that  deployed  VitalQIP™  software  aver¬ 
aged  total  savings  over  three  years  of  $52,762  per  100 
users,  IDC  found.  Its  study  clearly  demonstrates  that 
VitalQIP™  software  helps  IT  managers  get  the  control 
they  need  over  expanded  enterprise  resources. 
VitalQIP™  software  customers  truly  can  do  more  with 
less,  IDC  reports,  and  have  made  the  staff  reductions  to 
prove  it.  And  while  companies  enjoy  a  rapid  payback 
from  the  software,  the  savings  from  productivity  and 
improved  availability  continue  for  years  to  come. 

"According  to  the  users  we  spoke  with,  VitalQIP™ 
software  addresses  the  need  for  automation,  central¬ 
ization  and  homogenization  of  IT  information  process¬ 
es,"  IDC  says  in  a  white  paper  detailing  its  findings.  "All 
study  participants  experienced  significant  savings." 
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Broadwing/Corvis  union:  Year  One 

All-optical  IP  network  offers  advantages  that  have  yet  to  fully  pay  off,  experts  say. 


(([Broadwing  offers  a]  unique  experience 
because  of  our  all-optical  network.  We  have 
the  last  network  built  so  we  have 
advantages.  99 


Mark  Spagnolo 

CEO,  Broadwing 


■  BY  DENISE  PAPPALARDO 

Broadwing  has  no  debt,  one  of  the 
newest  national  networks  and  only  a 
small  portion  of  its  revenue  stems  from 
traditional  voice  services. Yet  as  with  most 


■  Sprint  last  week  announced  a  deal 
with  STSN,  a  wireless  LAN  service 
provider  that  deploys  and  manages 
hot  spots  at  hotels  across  the  coun¬ 
try.  The  deal  expands  the  reach  of  the 
carrier’s  PCS  Wi-Fi  Access  service  to 
500  additional  hotels.  The  roaming 
agreement  also  lets  STSN's  iBAHN 
Passport  Wi-Fi  service  customers 
use  Sprint's  WLAN  access  points. 
Sprint  first  launched  its  PCS  Wi-Fi 
Access  service  in  September,  with 
hot-spot  roaming  deals  with  Wayport 
and  Airpath  Wireless.  In  December, 
Sprint  expanded  its  Wi-Fi  service 
reach  across  the  U.S.,  specifically  in 
airports,  through  a  roaming  agree¬ 
ment  with  Concourse  Communic¬ 
ations.  Sprint’s  network  also  includes 
hot  spots  owned  and  operated  by 
Cometa  Networks.  The  service 
provider  says  it  plans  to  have  2,100 
WLAN  access  points  on  its  network 
this  year.  Sprint's  PCS  Wi-Fi  Access 
costs  $9.95  per  connection,  per  loca¬ 
tion.  for  24  hours  of  unlimited  access. 

■  Nortel  last  week  re-entered  the 
broadband  access  market  through 
alliances  with  three  companies. 
Nortel  exited  the  broadband  access 
business  about  three  years  ago  cit¬ 
ing  financial  challenges.  Nortel  has 
allied  with  Calix,  ECI  Telecom  and 
Keymile.  ECI  Telecom  brings  DSL 
access  multiplexer,  passive  optical 
network  and  aggregation  platforms 
for  the  global  market,  while  Calix 
and  Keymile  provide  multi-service 
broadband  loop  carriers  for  mar¬ 
kets  using  the  North  American 
ANSI  and  European  ETSI  stan¬ 
dards,  respectively. 


service  providers,  the  company’s  long¬ 
term  success  is  not  set  in  stone. 

A  year  ago  this  week,  Cequel  III  and 
Corvis  announced  plans  to  acquire 
Broadwing  for  $91  million.  The  deal  also 
let  Broadwing  eliminate  more  than  $2  bil¬ 
lion  in  debt. 

In  November,  Corvis,  a  maker  of  optical 
network  gear  and  a  majority  owner  of 
management  company  Cequel  III,  took 
97%  control  of  Broadwing,  a  move  that 
might  just  save  Corvis. 

It’s  unusual  for  an  equipment  vendor  to 
own  a  service  provider,  but  with  nearly  all 
of  Corvis’  revenue  coming  from  Broad¬ 
wing,  it  seems  Corvis’  position  as  a  gear 
vendor  is  taking  a  back  seat. 

Corvis  reported  fourth-quarter  revenue 
of  $142.5  million  earlier  this  month.  The 
equipment  company  only  brought  in  $2.1 
million  while  Broadwing  generated 
$140.4  million. 

But  as  Broadwing’s  nationwide,  all-opti¬ 
cal  network  is  based  almost  exclusively 
on  Corvis  technology  it’s  the  equipment 
vendor’s  prime  example  of  a  large-scale 
deployment.  It  is  also  Broadwing’s  biggest 


■  BY  JIM  DUFFY 

Cisco  recently  unveiled  software  de¬ 
signed  to  help  service  providers  better 
manage  Multi-protocol  Label  Switching 
networks  built  with  Cisco  products. 

The  new  packages  include  MPLS  man¬ 
agement  features  embedded  in  Cisco  IOS 
routing  software;  an  updated  VPN  policy 
management  application;  and  applica¬ 
tions  that  provide  enhanced  collection  of 
performance  data  and  other  statistics, 
according  to  Cisco. 

Service  providers  are  implementing 
MPLS  to  reduce  operating  costs  by  inte¬ 
grating  multiple  networks  onto  a  single 
converged  core.  It  also  is  being  deployed 
at  the  edge  of  the  network  to  provision 
customer  VPNs. 

At  least  80%  of  Tier  1  carriers  in  Asia, 
North  America  and  Europe  have  firm 
plans  to  increase  levels  of  voice,  video 
and  data  traffic  over  IP/MPLS,  according 
to  The  Yankee  Group.  In  the  U.S.,  RBOCs 


asset,  says  J.P  Gownder,  an  analyst  at  The 
Yankee  Group. The  network  is  not  saddled 
with  the  overhead  that  companies  with 
multiple  legacy  networks  are  dealing 
with,  he  says. 

AT&T,  MCI  and  Sprint  are  consolidating 
their  voice  and  data  networks  onto  a  sin¬ 
gle  IP  core,  the  network  Broadwing  built 
four  years  ago. 

It’s  also  the  asset  that  CEO  Mark 
Spagnolo  is  hanging  his  hat  on. 
Broadwing  offers  enterprise  customers  a 
“unique  experience  because  of  our  all- 
optical  network.  We  have  the  last  network 


are  expanding  regional  networks  to 
nationwide  IP/MPLS  backbones. 

With  this,  MPLS  management  is  becom¬ 
ing  more  critical.  Standards  efforts  are 
underway  to  define  MPLS  operations, 
administration  and  maintenance  (OAM) 
procedures;  and  vendors  such  as  Cisco 
also  are  taking  matters  into  their  own 
hands  with  new  products.  But  the  vendor 
is  “going  well  beyond  what’s  defined  in 
the  IETF  OAM,”  says  Ben  Goldman,  direc¬ 
tor  of  marketing  in  Cisco’s  Internet 
Technologies  division. 

The  MPLS  management  features  within 
IOS  are  called  MPLS  Embedded  Manage¬ 
ment.  They  consist  of  a  set  of  services  — 
such  as  Label  Switched  Path  (LSP)  Ping, 
Traceroute,  Virtual  Circuit  Connection 
Verification  (VCCV),  AutoTunnel  and 
AutoMesh  —  designed  to  provide  fault, 
configuration,  accounting,  performance 
and  security  management  of  MPLS 
networks. 


built  so  we  have  advantages,"  he  says. 

“You  hear  a  lot  in  the  industry  about . . . 
quarter-over-quarter  revenue  declines”  for 
AT&T  and  MCI,  Spagnolo  says. 

Spagnolo  says  Broadwing  can  offer 
unmatched  price  advantages. 

“We  renewed  a  three-year  deal  last 
month  that  was  10%  lower  than  that  cus¬ 
tomer’s  prices  two  years  ago,”  he  says. 
“That’s  pretty  good.” 

Mazda  North  American  Operations  has 
used  Broadwing’s  MultiConnect  private¬ 
line  and  MultiConnect  Redirect  disaster- 
recovery  services  since  early  last  year. 
Broadwing  provides  a  dedicated  T-3  line 
to  its  main  office  that’s  divided  into  28T-ls 
used  to  connect  Mazda  offices  through¬ 
out  the  country  with  its  U.S.  headquarters 
in  Irvine,  Calif. 

“The  service  has  run  smoothly  with 
excellent  quality  for  [the  past]  13 
1  months,” says  Michael  Swancutt,  a  systems 
manager  in  the  company’s  IT  department. 
“There  hasn’t  been  any  detectable  change 
|  since  Corvis  bought  the  company’ 

In  2002,  while  shopping  for  a  VPN  ser¬ 
vice  that  runs  over  the  Internet,  Mazda 
chose  Broadwing’s  private-line  service 
because  its  price  was  “very  strong”  and  it 
could  offer  flexibility  that  others  could 
not,  Swancutt  says. 

See  Broadwing,  page  36 


More  online! 

Get  the  background  on  the  Broadwing  salt. 

DocFinder  9869 


Cisco  tackles  MPLS  mgmt. 

New  software  designed  to  automate,  verify  tasks. 


See  Cisco,  page  36 
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EYE  ON  THE 
CARRIERS 

Johna  Til! 
Johnson 


Last  week  I  talked  about  the  enor¬ 
mous  increase  in  bandwidth  require¬ 
ments  underway  at  most  enterprise 
organizations.  A  major  cause  is  the  drama¬ 
tic  increase  in  applications. 

Most  companies  say  they’re  running 
between  50  and  300  applications  over  the 
WAN,  and  many  have  more  than  1,200. 
That’s  scary  enough,  but  the  real  issue  isn’t 
application  quantity,  it’s  quality  There  are 
five  basic  application  types,  based  on 
their  bandwidth  consumption  and  toler¬ 
ance  for  network  latency: 

•  Network-optimized  transactional  apps 
(such  as  Web  and  Citrix). These  are  mod¬ 
erately  sensitive  to  latency,  consume  a 
moderate  amount  of  bandwidth,  and  run 


Architecting  the  application-enabled  WAN 


well  over  your  typical  WAN. 

•  Real-time,  low-bandwidth  apps  (such 
as  voice  and  some  transactional  apps). 
These  consume  a  moderate  amount  of 
bandwidth,  but  are  very  latency-sensitive, 
typically  requiring  a  network  with  less 
than  150  millisec.  Running  these  apps 
requires  a  quality  of  service  (QoS)- 
enabled  WAN. 

•  Bulk  file  transfers.  These  are  high- 
bandwidth,  latency  insensitive.  Best-effort 
delivery  is  fine. 

•  Chatty  transactional  applications  are 

near  real-time,  higher  bandwidth  applica¬ 
tions  (such  as  early  versions  of  People- 
Soft).  These  are  highly  latency-sensitive 
and  consume  a  fair  amount  of  band¬ 
width.  In  many  cases,  it’s  virtually  impossi¬ 
ble  to  architect  a  WAN  to  support  them 
well. 

•  Finally,  there’s  interactive  video,  which 
is  in  a  category  by  itself  in  terms  of  laten¬ 
cy  and  bandwidth  requirements.  Most 
companies  today  support  video  on  a  ded¬ 


icated  separate  network  (usually  ISDN)  — 
if  they  do  so  at  all  —  but  an  ongoing  trend 
is  to  converge  video  onto  the  WAN,  typi¬ 
cally  via  QoS-enabled  architectures  such 
as  Multi-protocol  Label  Switching. 

Chances  are  that  80%  or  more  of  your 
apps  will  fall  into  these  basic  categories. 
But  how  do  you  architect  a  WAN  that’s 
optimal  for  five  different  application  types 
without  building  five  separate  WANs? 

Step  1  is  to  understand  and  classify  your 
application  mix,  both  present  and  future.  If 
chatty  transactional  apps  represent  just 
5%  of  your  traffic,  but  will  go  to  15%  next 
year,  that  requires  a  different  approach 
than  if  it’s  5%  going  to  2%.  So  start  by 
benchmarking  your  application  types. 
Then  estimate  their  rate  of  change  and 
validate  the  estimates  with  lines-of-busi- 
ness  and  application  developers. 

Next,  estimate  the  individual  and  cumu¬ 
lative  bandwidth  and  latency  require¬ 
ments  for  your  mix  of  applications.  This 
can  be  a  challenge  if  you’re  dealing  with 


apps  with  a  usage  pattern  that  is  unfamil¬ 
iar  (IP  telephony,  for  example).  This  is 
where  effective  capacity  planning  exercis¬ 
es  become  key. 

Finally,  you’re  ready  to  do  some  real 
design  work. 

If  you’re  pushing  the  limits  of  your  exist¬ 
ing  WAN  technology  you  have  a  handful 
of  choices. You  can  re-architect  the  app  to 
reduce  its  “WAN  impact"  (using  Citrix  to 
gain  access  to  a  chatty  transactional  appli¬ 
cation  is  a  common  approach).  You  can 
add  bandwidth-optimization  products 
and  services  such  as  those  discussed  last 
week.  Or  you  can  enhance  your  WAN  to 
meet  the  increased  latency  and  band¬ 
width  requirements. 

Which  is  the  right  path  for  you?  Ah,  that’s 
the  art  of  engineering  design. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research ,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Cisco 

continued  from  page  35 

LSP  Ping  and  Traceroute  provide 
diagostics  and  troubleshooting  for  MPLS 
LSPs.  Ping  mode  can  test  the  integrity  of 
connectivity,  while  Traceroute  is  used  for 
hop-by-hop  fault  localization  and  LSP 
path  tracing. 

In  the  traceroute  verification,  the  packet 
is  sent  to  the  control  plane  of  each  MPLS 
router,  which  performs  various  checks, 
including  one  that  determines  if  it  is  a 
transit  router  for  this  path. 

VCCV  enhances  the  monitoring  and 
troubleshooting  of  Layer  2  services  across 
an  MPLS  network.  It  creates  a  control 
channel  between  the  two  provider  edge 
devices  to  identify  the  connectivity  verifi¬ 
cation  packets  from  Layer  2  payloads. 

AutoTunnel  provides  the  ability  to  set  up 
traffic  engineering  tunnels  automatically 
for  primary  and  back-up  duty  AutoMesh  is 
designed  to  increase  the  amount  of  band¬ 
width  available  over  the  same  MPLS  infra¬ 
structure  by  automating  the  configuration 
of  full-mesh  MPLS  traffic  engineering 
tunnels. 

The  VPN  policy  management  applica¬ 


tion  is  called  Info  Center  VPN  Policy 
Manager  3.1.  It  collects  fault  information 
and  correlates  it  with  MPLS  VPNs  that  are 
affected  by  events  such  as  configuration 
changes  or  access  list  updates,  informa¬ 
tion  used  to  manage  service-level  agree¬ 
ments  (SLA). 

Another  application  is  NetFlow  Col¬ 
lection  Engine  5.O.,  which  functions  as  a 
“meter”  to  gauge  traffic  accounting,  usage- 
based  billing,  network  capacity  analysis 
and  planning,  network  quality-of-service 
and  SLA  performance  statistics. 

Also  for  performance-data  gathering, 
Cisco  unveiled  an  application  called  Per¬ 
formance  Engine  2.1.  This  software  is 
designed  to  simplify  the  collection,  aggre¬ 
gation  and  forwarding  of  performance 
and  usage  data  from  a  variety  of  Cisco 
devices  and  data  sources,  according  to 
policies  programmed  by  higher-layer 
applications. 

The  MPLS  management  features  are 
available  in  Cisco’s  IOS  12.027  (S)  release 
stream  for  the  12000,7200  and  7500  Series 
Routers.  Later  this  year,  Cisco  will  make 
them  available  on  the  Catalyst  6500 
switches,  7600  Series  Router  and  perhaps 
the  10000  Series  Router  as  well.  ■ 


Broadwing 

continued  from  page  35 

The  service  provider’s  MultiConnect 
Redirect  service  lets  Swancutt  redirect 
Mazda’s  T-3  connection  to  a  back-up  facil¬ 
ity  within  minutes.That’s  a  feature  that  oth¬ 
ers  couldn’t  offer,  he  says. 

In  addition  to  its  MultiConnect  service, 
Broadwing  offers  IP  VPN,  frame  relay  ATM, 
traditional  voice  services  and  now  DSL 
through  a  new  deal  with  Covad  Com¬ 
munications.  The  company  is  also  in  the 
process  of  developing  VoIP  services,  an 
area  in  which  it  trails  competitors.  Last 
week,  the  company  named  Mark  Pugerude 
its  first  vice  president  and  general  manager 
of  softswitch  services. 

But  if  VoIP  isn’t  a  requirement  for  your 
company  today,  Broadwing  is  worth  a 
look,  says  David  Rohde,  analyst  at  consult¬ 
ing  firm  TechCaliber. 

“Enterprises  are,  and  in  a  lot  of  cases 
should  be,  considering  them.  Broadwing’s 
offers  are  very  attractive,”  he  says.  “Users 
that  are  looking  for  pure  private-line  ser¬ 
vices  should  send  a  bid  to  Broadwing, 
which  will  always  give  users  very  compet¬ 
itive  rates  for  quality  services.” 

Another  issue  for  Broadwing  is  the  com¬ 
pany’s  lack  of  brand-name  recognition. 
The  company  also  does  not  have  deep 
pockets  to  launch  a  big  branding  cam¬ 
paign,  Rohde  says.  Broadwing  is  typically 
going  head  to  head  with  some  of  the  most 
well-known  companies  in  the  country 

But  Spagnolo  says  Broadwing  is  making 
strides  to  lower  its  costs  in  addition  to 
bringing  in  new  customers.  The  company 
is  examining  its  local  access  costs  by  not 
only  renegotiating  local  rates  where  possi¬ 
ble,  but  also  building  points  of  presence  to 
more  directly  connect  users  to  the  carrier’s 
network.  If  Broadwing  has  its  own  POP  in 
an  area  densely  populated  with  Broadwing 
customers,  it  can  reduce  access  costs  paid 


to  local  providers,  Spagnolo  says. 

The  company  also  is  more  focused  on 
business  users  than  it  was  just  a  year  ago, 
Spagnolo  says.  “About  two-thirds  of  the 
company’s  revenues  come  from  enter¬ 
prises  and  one-third  from  other  carriers,” 
he  says.  “Those  figures  were  flip-flopped 
just  last  year.” 

Broadwing  also  is  selling  to  the  federal 
government,  which  is  a  new  effort  for  the 
service  provider.  Last  month  the  company 
hired  Diana  Gowen  as  its  first  vice  presi¬ 
dent  of  government  solutions. 

Despite  Broadwing’s  market  challenges, 
the  company  appears  to  be  making  a 
good  impression  on  customers. 

“I  feel  confident  that  [Broadwing]  has 
lasting  value,”  Mazda’s  Swancutt  says. 
“Through  our  term  commitment  they  are 
going  to  be  a  viable  service  provider  for 
Mazda.”  ■ 
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Manager's  lineup 

Cisco’s  new  MPLS  management  products  include: 

•  IOS  MPLS  Embedded  Management  —  a  set  of  services  for  fault, 
configuration,  accounting,  performance  and  security  management. 

•  Info  Center  VPN  Policy  Manager  3.1  —  software  that  collects  fault 
information  and  correlates  it  with  MPLS  VPNs  that  are  affected  by  events 
such  as  configuration  changes  or  access  list  updates. 

•  CNS  NetFlow  Collection  Engine  5.0  —  software  that  provides  traffic 
accounting,  usage-based  billing,  network  capacity  analysis,  and  quality- 
of-service  and  SLA  performance  metering. 

•  CNS  Performance  Engine  2.1  —  software  that  collects,  aggregates  and 
forwards  performance  and  usage  data,  according  to  policies. 
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AVDL  integrates  application  security 


HOW  IT  WORKS 
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Application  Vulnerability  Description  Language 
describes  security  vulnerabilities,  allowing  security 
tools  from  different  vendors  to  coordinate  and 
automate  security  management. 
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O  A  vulnerability  scanner  maps  an  application’s  structure  and  detects  any  security  holes,  then  outputs 
an  AVDL  file. 

©  An  application  security  gateway  uses  AVDL  to  enforce  site-access  policies. 

©  A  patch  management  system  uses  AVDL  data  to  apply  patches  and  hot  fixes. 

©  Management  tools  present  AVDL  data  to  the  user  in  the  form  of  security  audit  reports. 

0  AVDL  data  also  can  be  supplied  from  other  sources,  such  as  security  policy  managers,  security 
alerts  and  bulletins,  application  development  platforms  and  host-based  security  analyzers. 


■  BY  JAN  BIALKOWSKI  AND 
KEVIN  HEINEMAN 

Because  traditional  security  tools  such  as 
firewalls, VPNs  and  intrusion-detection  sys¬ 
tems  inadequately  protect  against  applica¬ 
tion-layer  attacks,  security  managers  are 
turning  to  next-generation  application 
security  products  such  as  vulnerability 
scanners,  application  security  gateways 
and  patch  management  systems.  However, 
these  best-of-breed  stand-alone  systems 
still  require  individual  and  separate  user 
interactions,  leaving  the  overall  security 
management  process  too  manual,  time- 
consuming  and  error-prone. 

Application  Vulnerability  Description 
Language  (AVDL)  is  a  new  security  inter¬ 
operability  standard  in  development  by 
the  Organization  for  the  Advancement  of 
Structured  Information  Standards.  Pro¬ 
posed  by  leading  application  security  ven¬ 
dors  and  users,  AVDL  creates  a  rich  and 
effective  set  of  consistent  XML  schema  def¬ 
initions  to  describe  application  security 
properties  and  vulnerabilities.  Using  AVDL, 
security  tools  and  products  from  different 
vendors  will  be  able  to  communicate  to 
coordinate  their  security  operations  and 
automate  security  management. 

AVDL  integration  creates  a  secure  Web 
application  environment  that  automates 
mundane  security  operations,  such  as 
patching  and  reconfiguration, to  meet  evol¬ 
ving  application  requirements  and  security 
policies.  This  frees  security  administrators 
to  focus  on  higher-level  policy  analysis. 

Because  all  new  vulnerability  alerts  can 
be  described  consistently  in  AVDL,  auto¬ 
mation  of  security  management  also  vastly 
reduces  the  incident  response  time, closing 
critical  vulnerability  windows  and  enhanc¬ 


ing  security  posture.  AVDL-based  security 
alert  bulletins  will  give  users  highly  effi¬ 
cient  access  to  the  collective  expertise  of 
all  participants  in  this  field,  where  even  the 
largest  organizations  are  challenged  to 
keep  up  with  rapid  industry  evolution. 

The  basic  concept  embodied  in  the 
AVDL  schema  is  an  application-level 
transaction,  called  a  probe,  which 
describes  HTTP  exchanges  between 
browsers  and  Web  application  servers. 
Defined  mark-ups  allow  specification  of 
the  HTTP  messages  in  full  detail  at  vari¬ 
ous  levels  of  abstraction  (raw  byte 
stream,  or  parsed  to  HTTP  header  con¬ 
structs).  Such  probes  might  specify  valid 
and  expected  request-response  ex¬ 
changes  between  browsers  and  servers, 


or  might  specify  application  vulnerability 
exploits. 

In  the  former  case,  traversal-step  probes 
supply  a  host  of  information,  including  tar¬ 
get  URLs,  links,  cookies  and  other  headers, 
as  well  as  query  or  form  parameters,  their 
attributes  and  ranges  of  legitimate  values. 
The  traversal  probes  can  be  used  to  auto¬ 
mate  enforcement  of  safe  usage  policies. 

In  the  latter  case,  vulnerability  probes  fur¬ 
ther  highlight  questionable  constructs  and 
supply  detailed  specifications  of  vulnera¬ 
bilities,  including  human-readable  descrip¬ 
tion  and  machine-readable  assessment  in¬ 
formation  such  as  vulnerability  severity 
applicability  and  its  historical  records. The 
vulnerability  probes  supply  information 
necessary  to  configure  protective  “deny” 


rules  and  information  about  hot  fixes  if  any 
are  available,  workarounds  and  so  forth 
that  can  be  used  to  automate  management 
of  remediation  processes. 

In  a  typical  usage  scenario,  a  security 
scanner  maps  out  the  application  and 
detects  its  flaws  and  vulnerabilities.  The 
scanner  then  sends  its  assessment  in  the 
form  of  a  set  of  AVDL  probes  to  other  secu¬ 
rity  devices.  The  recipients,  such  as  patch 
management  systems  or  security  gateways, 
use  the  AVDL  input  to  automatically  gener¬ 
ate  configuration  recommendations. 

The  process  prevents  accidental  omis¬ 
sions  and  mistakes  inherent  in  manual  in¬ 
terventions.  Ultimately  security  administra¬ 
tors  manage  the  process  by  rejecting,  mod¬ 
ifying  or  approving  the  recommended 
operations. 

AVDL  technology  delivers  on  its  promise 
of  reducing  time,  effort  and  cost,  while 
improving  accuracy  reliability  and  ulti¬ 
mately  the  security  of  the  installations. 
Several  vendors  will  demonstrate  interop¬ 
erability  of  their  products  at  this  week’s 
RSA  Conference  to  highlight  the  growing 
maturity  and  commercial  viability  of 
AVDL  automation. 

Participants  in  the  application  security 
field,  users,  vendors  and  researchers  are 
invited  to  bring  their  experience  and  ex¬ 
pertise  to  shape  the  future  of  AVDL  and 
the  security  community.  For  further  details 
see  www.avdl.org  or  www.nwfusion.com, 
DocFinder:  9865. 

Bialkowski  is  CTO  of  NetContinuum. 
Heineman  is  vice  president  of  engineering 
at  SPI  Dynamics.  They  are  ccxhairs  of  the 
OASIS  AVDL  Technical  Committee  and  can 
be  reached  at  jan@netcontinuum.com  and 
kheineman@spidynamics.  com,  respectively. 


Dr.  Internet  By  Steve  Blass 

Can  we  attach  multiple  IP  addresses  to  a  single 
Windows  2000  network  interface  card,  similar  to 
the  way  Unix  systems  support  multiple  alias  IP 
addresses  on  a  single  interface? 

Yes.  After  the  first  IP  address  is  assigned  in  the 
normal  way,  you  can  open  the  network  connection 
dialog  box,  highlight  the  TCP/IP  entry  and  click  the 
Properties  button.  When  you  click  the  Advanced 
button  on  the  next  window,  you  will  see  an  IP 


addresses  pane  under  the  IP  settings  tab,  where 
you  can  click  on  the  Add  button  to  enter  another 
IP  address.  If  the  additional  IP  addresses  are  part 
of  the  same  subnet  address  space  as  the  original, 
you  can  test  them  by  connecting  a  second  work¬ 
station  through  a  regular  hub.  If  the  additional  IP 
addresses  belong  to  a  different  subnet,  testing 
becomes  more  interesting,  because  your  worksta¬ 
tion  will  try  to  route  packets  for  the  other  subnet 
through  the  default  gateway  defined  in  the  TCP/IP 


settings.  Depending  on  yoyr  network,  you  might 
not  be  able  to  support  multiple  subnets  on  one 
NIC.  Using  multiple  IP  addresses  on  one  interface 
works  well  to  support  things  such  as  virtual  Web 
hosts,  but  is  not  meant  to  be  used  in  place  of  mul¬ 
tiple  network  interfaces  in  a  firewall  configuration. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.  internets 
changeatwork.  com. 
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To  recap  where  we  left  off  our  explo¬ 
ration  of  Cascading  Style  Sheets 
last  week:  CSS  styles  are  defined  ex¬ 
ternally  from  the  file  they  are  applied  to, 
internally  as  a  block  of  style  definitions, 
or  in-line  as  part  of  individual  content 
elements. 

And  CSS  rules  are  defined  for  HTML 
selectors;  for  classes,  which  are  references 
in  tags  that  make  the  tags  part  of  a  group 
that  can  be  collectively  modified;  and  for 
IDs,  which  are  like  tags  but  are  supposed 
to  reference  a  single  tag.  All  types  of  style 
definitions  and  rules  can  be  used  individ¬ 
ually  or  simultaneously 
This  is  the  general  form  of  a  CSS  rule  in 
an  HTML  tag  (  “[  ]”  indicates  optional 
additional  property  definitions): 

<selector  style=”property:value;  [prop- 
erty:value;  [  . . . ]  ]  ”>content</selector> 
Properties  are  attributes  of  an  element 
such  as  height  and  color.  Values  are  the 
amount,  size  or  a  keyword  that  the  prop¬ 
erty  is  to  be  set  to. 


Cascading  Style  Sheets  (2)  oh  joy! 


Note  that  should  you  specify  a  property 
that  doesn’t  apply  to  a  particular  selector 
(for  example,  text  indent  in  a  bold  selec¬ 
tor)  it  will  be  ignored  (browser  bugs  not¬ 
withstanding). 

Here  is  an  example  of  a  CSS  rule  in  an 
HTML  element,  a  <p>...</p>  tag  (note 
that  indents  and  whitespace  are  ignored 
—  they  just  make  it  easy  for  humans  to 
read): 

<p  style=”color:blue;  font-size:  12px;”> 
Groovy.</p> 

The  general  form  of  CSS  rules  for  ele¬ 
ments,  classes  and  IDs  that  aren’t  in-line  is 
a  little  different: 

selector  {  property:value;[  property: 
value; [  ...  ]]  } 

For  example: 

p  {  colonblue;  font-size:  12px; } 

.specialpara  {  colorblue;  font-size: 
12px;} 

^Tnypara  {  colorblue;  font-size:  12px; } 

These  all  do  the  same  as  our  <p>  tag 
example  above,  except  the  first  rule 
would  change  all  <p>  tags  in  the  content 
it  is  applied  to  (this  essentially  redefines 
the  tag),  while  the  next  two  rules  would 
apply  to  all  tags  assigned  to  the  special¬ 
para  class  or  the  element  identified  by 
the  id  mypara. 

So  how  do  we  apply  styles?  Here’s  an 


external  CSS  specification  in  a  file  we’ll 
call  extstylel.css: 
body  { 

background-color:  gray; 
background-image:  url  (photol.gif); 
background-repeat:  no-repeat; 
font-family:  arial,  Helvetica,  sans-serif; 

} 

p  {  colonblue;  font-size:  12px;} 

The  CSS  specification  must  be  referenced 
in  the  content  that  it  is  to  be  applied  to. 
Alternatively,  you  can  specify  a  CSS  style 
sheet  in  the  HTML  header.  Here  is  an 
example  that  uses  both  specification 
types: 

<html> 

<head> 

<link  rel=”stylesheet”  href=”ext 
style  l.css”> 

<style  type=”text/css”> 
hi  {  font:bold;  color:  red;  font-size: 
16px; } 

h2  1  {  font:bold;  color:  white;  font- 
size:  14px; } 

</style> 

</head> 

Another  way  of  specifying  an  external 
CSS  file  is  to  use  the  import  directive  so, 
instead  of  the  link  directive,  we  could 
have  used: 

@import  url  (’’extstylel.css); 


This  has  the  same  effect  as  the  link  com¬ 
mand,  but  note  that  Netscape  browsers 
prior  to  Version  6  will  not  understand  the 
directive. You  should  be  able  to  figure  out 
what  the  results  of  the  above  CSS  specifi¬ 
cations  would  be. 

To  give  you  an  idea  of  how  detailed  CSS 
styling  can  be,  let’s  look  at  the  background 
rule:  Changing  no-repeat  to  repeat  will  tile 
the  background,  and  repeat-x  and  repeat-y 
only  tile  the  image  horizontally  or  verti¬ 
cally,  respectively 

Add  “background-attachment:  fixed” 
to  the  specification  and  when  the 
browser  window  scrolls  the  background 
will  not  move,  while  “background-attach¬ 
ment:  scroll”  (the  default)  will  do  the 
opposite. 

Finally  we  can  position  the  background 
image  to  the  pixel  using  “background-posi¬ 
tion:  X  Y  ”  The  values  for  X  and  Y  can  be 
positive  or  negative  offsets  from  the  left  and 
top  browser  window  boundaries,  respec¬ 
tively,  as  either  pixel  counts  (such  as  lOpx 
or -lOpx);  percentages  relative  to  the  parent 
element’s  size  (such  as  10%);  or  keywords 
for  horizontal  (left,  center,  right)  or  vertical 
(top,  center,  bottom)  positioning. 

That  was  easy.  But  next  week  .  .  . 
Complaints  to  gearhead@gibbs.  com. 


Cool 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Demo  2004:  Wish  list  kee 
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Welcome  to  the  “Things  I  Want  from  Demo  2004” 
edition  of  Cool  Tools.  In  addition  to  the  products 
highlighted  last  week  (www.nwfusion.com,  Doc- 
Finder:  9870),  here  are  some  exciting  products  launched 
at  the  show  that  I’ll  need  to  begin  saving  my  pennies  for: 

Vulcan  showed  its  FlipStart 
PC,  a  cross  between  a  laptop 
and  a  PDA  that  fits  in  the  palm 
of  your  hand,  weighs  about  1 
pound  and  runs  on  Windows 
XPYes, that’s  right, Windows  XP 
The  FlipStart  is  a  clamshell- 
type  device  that  includes  a 
thumb-style  keypad  (and 
nub-style  pointer  device)  for 
text  input  and  mouse  con¬ 
trol.  It  includes  integrated 
802.1  lb/g  wireless  LAN  con¬ 
nectivity  for  Internet  con¬ 
nections  and  e-mail.  The 
specifications  are  im¬ 
pressive  —  the  Flip- 
Start  has  a  1-GHz  pro¬ 
cessor,  256M  bytes 

The  FlipStart 
laptop/  PDA-type 
device  runs 
on  Windows  XP. 


of  RAM,  a  30G-byte  hard  drive,  a  5.6-inch  HDTV-style  dis¬ 
play  (l,024-by-600-pixel  resolution),  3-D  graphics  card 
with  8M  bytes  of  video  RAM,  an  embedded  1.3-megapix- 
el  digital  camera  and  a  USB  2.0  port. 

Pricing  and  availability  wasn’t  announced,  but  officials 
said  it  would  cost  about  the  same  as  a  midrange  note 
book.  Go  to  www.flipstartpc.com  for  more  details. 

Valence  showed  the  next  generation  of  its  mobile  power 
system  (N-Charge),  which  offers  up  to  10  hours  of  battery 
life  for  laptops,  portable  DVD  players,  MP3  players,  cell 
phones  and  PDAs.The  system,  which  uses  its  Saphion  lithi¬ 
um-ion  phosphate  technology 
has  a  modular  design  (two 
units  offer  the  10  hours), 
weighs  about  3  pounds  and 
comes  with  universal  connec¬ 
tions  through  a  partnership 
with  Mobility  Electronics.  The 
battery  can  recharge  multiple 
devices  simultaneously.  When 
the  Valence  battery  system  is 
connected  to  a  notebook  and 
the  user  is  running  the  com¬ 
puter  in  a  location  where  it 
can’t  be  plugged  into  a  power 
supply  the  Valence  battery  is 
drained  first,  then  the  com¬ 
puter’s  onboard  battery 
kicks  in.  Conversely, 
when  batteries 
need  recharging, 
the  notebook’s 
battery  takes 
the  first 


Valence's 
new  N-Charge 
mobile  power 
system  offers  up 
to  10  hours  of 
battery  power. 

charge,  then  the  N-Charge  battery  recharges. 

The  system  will  cost  about  $200,  and  availability  was  not 
yet  announced.  Go  to  www.valence.com  for  more  details. 

Stata  Labs  launched  Version  2.0  of  its  Bloomba  e-mail 
client,  which  aims  to  take  on  Microsoft  Outlook  as  an  alter¬ 
native  e-mail  application. 

The  system  integrates  an  awesome  search  engine  com¬ 
ponent  that  searches  old  e-mails  (and  attachments!)  in 
seconds.The  company  has  added  calendaring  functional¬ 
ity,  improved  contacts  and  the  ability  to  download  to  a 
Palm-based  PDA. 

The  searching  capability  and  integration  with  a  Spam- 
Assassin  anti-spam  application  alone  should  compel  users 
to  check  it  out  —  the  addition  of  the  calendar,  PDA  syn¬ 
chronization  and  improved  contacts  features  are  icing  on 
the  cake. 

The  software  will  cost  about  $90  and  is  scheduled  to  ship 
in  the  second  quarter,  the  company  says.  Go  to  wwwstata 
labs.com  for  more  details. 

Shaw  can  be  reached  at  kshaw@nww.com. 


©2004  Quantum  is  a  trademark  of  Quantum  Corporation  in  the  United  States  and  other  countries.  All  other  trademarks  are  the  property  of  their  respective  companies.  Specifications  are  subject  to  change  without  notice 


IS  BACKUP  DRIVING  YOU 
TO  THE  EDGE? 

INTRODUCING  THE  DX100.  ► 

T 

THE  ANSWER  IS  X. 


QUANTUM 

DX100 


►  Get  a  FREE 
copy  of  The 
Backup  Book * 

and  download  our 
enterprise  white  paper! 
Enter  code  ADV078  at 
www.theanswerisX.com 
‘First  100  respondents  only. 


Superior  disk-based  backup  for  the  enterprise.  When  the  stress  of 
the  workday  pushes  you  to  the  edge,  one  thing  you  shouldn't  have  to  worry  about 
is  restoring  your  data.  The  Quantum  DX100  gives  you  one  less  thing  to  worry 
about  The  Answer  is  X.  The  new  DX100  is  an  optimized  disk-based  backup  and 
restore  solution  that  enables  IT  professionals  to  significantly  decrease  their  backup 
window  while  dramatically  boosting  data  availability.  Plus,  it  seamlessly  integrates 
into  virtually  any  existing  network  environment,  thus  preserving  your  backup 
processes.  For  the  complete  answer,  call  866-827-1500,  or  visit  us  on  the  Web  at 
www.theanswerisX.com. 
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EDITORIAL 

John  Dix 

The  new  Nortel 
looks  to  a 
bright  Mure 


Norte!  hosted  its  annual  analysts  meeting  last  week 
in  Boston  to  review  what  President  and  CEO  Frank 
Dunn  called  tremendous  2003  results  and  to  extol 
the  company’s  position  in  its  key  markets. 

While  we  weren’t  invited  to  the  general  morning  session, 
we  had  the  opportunity  to  meet  with  Dunn  and  many  of 
his  top  lieutenants.To  a  person  they  were  brimming  with 
enthusiasm  about  future  prospects. 

All  of  which  might  seem  strange  given  Nortel  finished 
2003  with  sales  of  $9.8  billion,  down  7%  compared  with 
2002.  But  considering  the  recent  past,  that  amounts  to  a 
great  stabilization.  Nortel  sales  crested  in  2000  when  the 
company  topped  the  $30  billion  mark,  and  then  plum¬ 
meted  37%  in  2001  and  another  40%  in  2002.  Seven  per¬ 
cent  is  a  relative  dip. 

Dunn  says  of  last  year  the  whole  market  was  down  and 
points  to  fourth-quarter  sequential  growth  of  25%  as  a  sign 
that  Norte!  is  on  the  right  track.“Business  momentum  is 
up,”  he  says.“Progress  is  about  all  the  things  we’ve  done.  All 
the  contracts  we’ve  signed.  We’re  taking  share.  It  will  take 
time  for  our  gains  to  be  reflected  in  the  numbers.” 

The  company  has  been  fundamentally  overhauled. 

Two  out  of  three  employees  are  gone  and  Nortel  is  cur¬ 
rently  finalizing  a  contract  that  will  result  in  it  exiting  the 
manufacturing  business  all  together.  In  the  new  com¬ 
pany,  one  out  of  every  three  employees  is  in  research 
and  development. 

“We  stopped  talking  to  customers,”  Dunn  says  of  how  the 
company  lost  its  way  Malcolm  Collins,  president  of  the 
enterprise  group,  echoed  that:“Two  years  ago,  of  the  top  100 
customers,  we  touched  20  of  them.  Now  we  direct  touch  all 
of  them.” 

With  Nortel’s  carrier  wireless  business  booming,  Nortel’s 
enterprise  business  is  only  24%  of  sales  today,  and  while 
Dunn  admits  “the  game  is  over”  in  vanilla  corporate  data 
networking,  he  says  convergence  is  an  inflection  point  that 
represents  opportunity 

Convergence  isn’t  just  about  VoIP  he  says,  it’s  about 
multimedia  over  IP  Technology  will  make  it  possible  to 
get  people  more  engaged,  from  employees  to  customers 
and  business  partners.  But  getting  there  will  involve 
rethinking  architectures,  flattening  out  networks  to  reduce 
latency  and  building  in  more  security  and  reliability 
Dunn  and  Collins  see  that  adding  up  to  a  chance  for 
Nortel  to  shine  in  everything  from  multimedia  com¬ 
munications  gear  to  VoIP  solutions  and  core  backbone 
equipment. 

Time  will  tel!  if  the  future  will  be  as  bright  as  the  picture 
they  paint,  but  the  company  at  least  seems  to  be  back  and 
focused. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


Ads  infinitum 

Regarding  Mark  Gibbs’  Backspin  column  “Ads  infini¬ 
tum”  (www.nwfusion.com,  DocFinder:  9863):  While  I 
doubt  that  pop-up  ads  will  be  killed  off  any  time 
soon,  it  is  clear  that  the  blocking  software  already 
available  has  been  putting  a  dent  in  the  profitability 
of  such  advertising.  Adding  Microsoft’s  muscle  to  the 
mix  will  no  doubt  change  the  situation  once  again, 
and  more  than  likely  have  some  unintended 
(adverse)  consequences. 

The  advertising  trend  that  I  currently  dislike  most  is 
the  Macromedia  Flash  advertisements, which  are  be¬ 
coming  more  prevalent  on  weather  and  news  sites. 
These  ads  tend  to  be  bandwidth  hogs  and  hijack  the 
underlying  page  until  they  have  finished.  There 
appears  to  be  no  easy  way  to  disable  them  without 
also  causing  legitimate  uses  of  Macromedia  to  break. 
Uninstalling  the  Macromedia  plug-in  prevents  the 
ads  from  displaying,  but  results  in  a  prompt  every 
time  a  page  wants  to  use  it,  asking  if  you  want  to  in¬ 
stall  the  plug-in.  There  are  other  workarounds,  but 
nothing  as  clean  as  Google’s  toolbar  pop-up  blocker. 

Mark  Heider 
Bowling  Green,  Ohio 

In  his  column  “Ads  infinitum,”  Mark  Gibbs’  writes 
that  television-style  video  ads  will  be  “coming  soon.” 
Web  sites  such  as  espn.com  and  cnet.com  already 
have  such  ads. They  come  in  as  the  banner  ad,  take 
up  the  top  half  of  the  page, show  off  some  Flash-type 
graphics,  and  then  reduce  to  the  size  of  a  banner  ad 
— sliding  the  rest  of  the  page  upward. About  half  the 
time,  you  have  to  click  on  some  obscure  or  hidden 
“X”  to  close  or  shut  them  off. 

There  is  a  semi-solution:  using  Mozilla  with  PrefBar, 
you  can  first  block  all  images  that  come  from  the 
particular  server  (right-click  on  the  image  and  then 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


choose  “Block  Images  from  This  Server” —  most  sites 
keep  their  news  images  on  a  different  server  than 
the  ad  image  server).  For  the  Flash-style  ads,  PrefBar 
(a  Mozilla  plug-in)  adds  a  “Kill  Rash”  button  that 
does  exactly  what  it  implies. 

Byron  Todd 
Rainbow  City,  Ala. 

To  prevent  those  annoying  pop-ups,  why  not  just 
use  Opera  as  your  browser?  I  have  my  Opera  set  to 
open  only  pop-ups  I  request,  such  as  when  I  want  a 
larger  view  of  a  catalog  item  on  a  shopping  site.  No 
other  pop-ups  get  through. 

Opera  also  offers  settings  to  block  all  pop-ups  or  to 
open  pop-ups  in  the  background.  Options  for  cus¬ 
tomization  of  other  features  are  extensive.  Cookies 
might  be  allowed  without  restriction,  blocked  entire¬ 
ly,  or  blocked  or  permitted  on  a  site-by-site  basis.The 
free  version  of  Opera  is  identical  to  the  purchased 
version  except  for  some  unobtrusive  ads  in  the  top 
right  corner  of  the  screen.  I  used  Norton  Security  to 
block  even  those  ads. 

Rocky  Mallon 
Tucson, Ariz. 

I  recently  learned  about  a  method  for  permanent¬ 
ly  blocking  ads.The  January  2004  issue  of  SysAdmin 
contains  a  story  by  Hal  Pbmeranz  titled  “A  Simple 
DNS-Based  Approach  for  Blocking  Web  Advertising,” 
(DocFinder:  9864).  The  story  describes  how 
Pomeranz  modified  his  local  DNS  server  to  return 
127.0.0.1  for  sites  that  are  known  advertisers.  I  tried  it 
on  my  system  and  it  works  great.  It  speeds  browsing 
and  as  you  find  new  sites,  you  just  add  them  to  list. 
Sure,  1  have  to  make  updates  to  the  list,  but  if  it  will 
stop  this  new  television-style  advertising  from  reach¬ 
ing  my  browser,  then  it’s  worth  the  effort.  The  hard 
part  will  be  convincing  my  company  to  implement 
this  approach  on  the  corporate  DNS  servers. 

Shane  Milburn 
Beaverton,  Ore. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  9862 
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Z"  The  IP  telephone  wave  is  coming 

uring  the  late  1970s  and  early  1980s,  a  wave  of  change  swept 
i  ■  across  the  enterprise  telephone  system  industry,  which  was 
mm  at  that  time  referred  to  as  the  private  branch  exchange  indus¬ 
try.  The  wave  was  caused  by  the  technology  shift  from  analog  sys¬ 
tems,  which  were  the  most  common  at  the  time,  to  digital  TDM  sys¬ 
tems.  These  systems,  which  were  smaller,  less  expensive  to  manu¬ 
facture  and  simpler  to  maintain,  became  the  focus  of  most  PBX 
manufacturers. 

At  that  time,  the  sales  spin  in  the  industry  was  about  the  benefit  the 
digital  PBXs  would  bring  to  users  as  the  public  switched  telephone 
network  became  digital.  It  was  a  nice  sell,  but  the  real  reason  for  the 
wave  became  painfully  obvious:The  manufacturers  simply  threw  all 
their  support  to  the  digital  systems  and  quit  developing,  upgrading 

ogy  dies.Avaya  already  has  announced  that  its  top-of-the-line  sys¬ 
tem  will  come  only  in  the  VoIP  flavor.  Look  for  more  vendors  to 
soon  follow  suit. 

This  being  the  case,  it  is  time  for  users  to  understand  that  they 
should  expect  an  inevitable,  if  not  sudden, shift  to  VoIP  telephone  sys- 
tems.This  shift  will  begin  (as  is  happening  now)  with  vendor-focused 
advertising  and  sales  efforts  aimed  at  using  the  protocol  for  ad¬ 
vanced  applications,  cost  reduction  and  other  benefits  to  users. 
However,  it  will  end  with  manufacturers  dropping  their  TDM  efforts 
entirely.  As  enterprise  telephone  system  manufacturers  decide  that 
their  research  and  development  efforts  are  going  to  be  exclusively 
focused  on  VolPTDM  systems  will  go  the  way  of  the  dinosaur. 

The  effect  on  users  is  going  to  be  more  traumatic  this  time,  how- 

...  it  is  time  for 
users  to  under 
stand  that  they 
should  expect  an 
inevitable,  if  not 
sudden,  shift  to 
VoIP  telephone 
systems. 

and  (ultimately)  maintaining  the  analog  systems.  Once  users 
became  aware  of  this,  the  move  to  digital  began.  For  PBX  manufac¬ 
turers,  these  were  the  good  old  days. 

Well,  the  good  old  days  are  back,  courtesy  of  the  newest  enterprise 
system  technology,  VoIP  Manufacturers  can’t  make  these  systems  fast 
enough,  nor  can  they  wait  to  educate  users  regarding  the  numerous 
cost  and  feature  benefits  of  VoIP 

But  these  good  days  for  VoIP  manufacturers,  distributors  and  cer¬ 
tain  consultants  do  not  necessarily  extend  to  end  users.  Once 
again,  users  are  going  to  be  “forced"  to  change  technology,  not  for 
their  good  but  because  this  is  what  the  manufacturers  are  demand¬ 
ing.  In  spite  of  the  commitments  of  the  TDM  legacy  manufacturers 
to  continue  to  support  and  upgrade  their  TDM-based  systems,  the 
time  will  come  quickly  when  the  decision  to  support  this  technol¬ 


ever,  because  of  one  major  difference:  the  design  and  successful 
installation  of  VoIP  systems  requires  more  homework  and  effort  on 
the  part  of  users  than  did  the  installation  preparation  for  TDM  sys¬ 
tems.  Design,  network  quality,  contention  and  security  —  all  these 
factors  become  major  issues  for  effective  implementation  of  this 
technology.  Any  VoIP  system  provider  indicating  differently  should 
be  avoided  like  the  plague. 

The  result  is  users  should  begin  today  to  learn  what  they  can  about 
this  technology,  as  the  question  is  not  if  your  company  will  be 
implementing  Voipbut  when. 

Horrell  is  an  independent  telecommunications  consultant,  speaker 
and  author  in  Memphis,  Tenn.  He  can  be  reached  at  edwardhorrell@ 
mindspring.com  or  via  his  Web  site,  www.edhorrell.com. 


ON  SECURITY 

Winn  Schwartau 


l  ecently  1  got  a  panicky  phone  call  from 
Henry  the  security  administrator  of  a 
i  California  hospital  1  have  done  business 
with  for  years.  It  seems  the  hospital  had  been 
hit  by  a  nasty  case  of  the  MyDoom  virus  that  began  its  explosive  growth 
during  the  last  week  of  January.  After  attempting  to  calm  Henry  down, 
I  asked  how  MyDoom  got  released  inside  the  hospital,  which  has  about 
2,000  desktops,  1,000  remote  machines,  and  the  usual  assortment  of 
Windows  and  Linux  servers. 

“That’s  the  really  bad  part,”  he  harrumphed.“Our  execs  did  it.” 

“Your  execs?  What  do  you  mean  they  did  it?” 

“They  clicked.” 

“No!”  1  was  flabbergasted.  “They  clicked  on  an  attachment  that  says, 
‘Virus  detected,  do  not  open’?” 

“Yes.” 

“But  what  about  your  corporate  security  policy  we  spent  so  much 
time  on,  which  clearly  states, ‘Do  not  click  on  unknown  attachments’?” 

“They  ignored  it,”  he  sighed.“Five  of  them.” 

Five  executives  in  his  hospital  had  clicked  on  MyDoom  —  and 
brought  the  email  system  to  a  grinding  halt.  I  thought  about  this  for  a 
second  and  postulated, “You  know,  Henry,  if  you  or  some  of  your  desk¬ 
top  users  had  done  the  same  thing, you  would  all  be  hung  out  to  dry, at 
least  according  to  your  corporate  policies.  I  suppose,  then,  our  security 
awareness  program  isn’t  doing  as  well  as  we  thought?” 

“No,  quite  the  opposite,  in  fact!”  Henry  sounded  more  upbeat  now. 
“Over  a  hundred  from  our  general  user  community  called  the  help 
desk  and  asked  what  to  do. The  staff  did  their  part;  the  execs  failed  us.” 

1  heard  similar  stories  from  several  other  large  organizations  and 
frankly  was  astounded.The  corporate  executives  who  demand  IT  per¬ 
fection  from  their  administrators  want  100%  availability  on  all  services 
and  expect  everyone  in  their  company  to  follow  security  policy  — 
these  are  the  people  at  the  root  of  the  problem. 

When  1  heard  that  on  Feb. 2  China  reported  hundreds  of  thousands  of 


MyDoom  makes  it  past  execs 


computers  infected  with  MyDoom,  I  could  understand.  China  has  a 
low  level  of  security  awareness  and  a  widespread  absence  of  efficient 
anti-virus  software  among  its  78  million  online  population;  thus,  it  is 
especially  vulnerable  to  worm  attacks.  But  in  the  U.S.,  where  executives 
authorize  the  spending  of  tens  of  thousands  of  dollars  and  more  annu¬ 
ally  to  manage  effective  anti-virus  defenses  and  educate  their  online 
user  base,I  am  sorry  —  there  is  no  excuse  for  falling  victim  to  MyDoom. 

Too  many  corporate  executives  set  down  edicts,  contract  out  the 
security  awareness  services  and  then  ignore  their  own  advice.  They 
expect  everyone  else  to  do  the  dirty  work. 

This  is  a  patently  unacceptable  approach  to  security  and  just  goes  to 
show  how  much  we  in  the  security  world  depend  on  the  average  IT 
user  to  help  protect  networks.  1  can’t  buy  the  argument  “I  didn’t  know 
about  it" as  a  valid  excuse  to  misbehave  on  your  own  network  and  click 
on  an  infected  attachment, even  if  it  did  come  from  your  closest  friend. 

That’s  part  of  how  the  bad  guys  are  getting  to  us:  through  social  engi- 
neering.They  are  preying  upon  the  fact  that  we  like  to  trust  our  friends, 
and  we  like  to  trust  the  e-mails  they  send  us. 

I  grew  up  in  New  York  and  can  smell  a  scam  artist  a  thousand  yards 
away  That  is  what  we  try  to  get  people  to  understand  through  security 
awareness:  It’s  not  only  about  the  technology  It’s  about  common  sense, 
alertness  and  a  bit  of  rational  paranoia. 

So  listen  up  educators,  trainers,  network  security  folks  and  human  re¬ 
sources  professionals: Your  executives  are  not  exempt. They, too,  must  be 
expected  to  learn,  understand  and  follow  security  policy;  participate  in 
awareness  training;  and  be  held  to  the  same  standards  they  hold  their 
employees  to.  Senior  management  has  to  realize  they  are  either  part  of 
the  solution  or  part  of  the  problem.  It’s  up  to  the  rest  of  us  to  make  sure 
that  message  hits  their  desks,  too. 


Too  many  corpo¬ 
rate  executives 
set  down  edicts, 
contract  out  the 
security  aware¬ 
ness  services 
and  then  ignore 
their  own  advice. 


Schwartau  is  president  of  Interpact,  a  security  awareness  consulting 
firm,  and  author  of  several  books,  including  the  recent  Pearl  Harbor  Dot 
Com.  He  can  be  reached  at  winn@interpactinc.com. 


AT&T  Wireless 


Sprint 


Get  information  in  25%  more  places  on  the  Sprint  high-speed  wireless  data  network. 


Your  employees  can  get  email  and  corporate  data  in  more 
places  nationwide  with  Sprint  than  with  AT&T  Wireless. 

The  Sprint  high-speed  wireless  data  network  covers  a  larger  area 
and  more  people  than  the  AT&T  Wireless  GPRS/EDGE  network. 
So  your  employees  can  be  more  productive  in  more  places. 

•  25%  larger  coverage  area 

•  25  million  more  people  covered 

All  this  and,  of  course,  clear  calls  on 
the  nations  most  complete,  all-digital 
wireless  network  to  make  your 
business  more  effective. 

Get  the  facts  at  sprint.com/facts  or  call 
877-459-8144  for  a  Business  Representative. 


One  Sprint.  Many  Solutions^ 

Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


The  Sprint  Nationwide  PCS  Network  reaches  over  245  million  people.  Coverage  not  available  everywhere.  Coverage  claims  based  on  the  Sprint  Nationwide  PCS  Network  and  the  AT&T  Wireless  GPRS/EDGE 
National  Network  excluding  roaming  areas.  Screen  shot  simulated.  Copyright  ©Sprint  2004.  All  rights  reserved.  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  L.P 
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A  clear  choice  for 
product  testing 

From  anti-spam  soft¬ 
ware  to  wireless  LAN 
switches,  your  product 
choices  are  proving 
increasingly  critical  to 
the  business.  Testing  is  a 
must.  That’s  why  we’ve 
renewed  our  commit¬ 
ment  to  providing  you 
the  best  testing  program  possible. 

We’ve  started  by  picking  the  best 
products  of  all  we  tested  in  2003  — 
that  totals  more  than  240  products 
from  more  than  200  vendors  com¬ 
peting  in  13  categories  —  and  creat¬ 
ing  this  special  issue  to  highlight 
them.  The  14  winners  of  our  fifth 
annual  Best  of  the  Tests  Award  and 
61  finalists  receive  our  highest  rec¬ 
ommendation  for  deployment  (see 
story,  page  47). 

We’re  also  refining  our  Network 
World  testing  program.To  be  sure,  we 
will  continue  to  tap  into  the  expertise 
of  our  14-member  Network  World  Lab 
Alliance  (previously  known  as  the 
Global  Test  Alliance)  to  provide  com¬ 
prehensive,  hands-on  comparative 
tests  and  single  product  reviews.  But 
now  we’ll  be  doing  so  under  the  new 
moniker  Network  World  Clear  Choice 
Tests,  with  the  goal  of  pinpointing  the 
clear  choice  for  which  products  are 
enterprise-ready 

And  for  your  hands-on  testing, 
we’ve  compiled  some  great  tips  from 
our  testers.They  share  advice  on  how 
to  set  up  a  test,  establish  methodol¬ 
ogy  and  otherwise  guarantee  mean¬ 
ingful  results  (see  story  page  69). 

Lastly,  we  are  stepping  up  our 
efforts  to  collect  your  input  into  the 
products  we  test, and  how  and  when 
we  test  them.  Go  to  our  new  Test 
Request  page  on  Network  World 
Fusion  and  tell  us  which  products 
you’d  like  us  to  test  (www.nw 
fusion.com,  DocFinder:  9871). 

Clearly,  the  choice  is  yours.  But 
please  participate! 


The  Best  Products  Issue 


Best  of  the  tests 


Selected  from  a  field  of  240-plus,  our  14  Best 
of  theTests  Award  winners  deserve  an 
ovation  for  stellar  performances  sure  to 
improve  any  corporate  network. 


Testers’  best  tips 


Network  World  Lab  Alliance  members  share 
their  secrets  for  conducting  meaningful 
product  tests. 


Fave  raves 


In  their  own  words,  four  readers  tell  us  what 
network  products  they  love  —  from  the 
decades-old  to  the  brand  new. 


Tops  in  innovation 


Selected  by  five  of  our  columnists,  these 
products  step  beyond  the  norm  with 
interesting  solutions  for  today's  enterprise 
network  problems. 


—  Christine  Burns 
Lab  Alliance  Director 
cbums@nww.  com 


Cool  names 


Outstanding  product  names  are  becoming 
less  of  a  rarity  in  the  network  industry. 
Here  are  some  of  the  best. 


The  Best  Products  Issue  is  one  of  six  bimonthly 
supplements  providing  insights,  opinions  and  infor¬ 
mation  on  the  biggest  trends  in  networking.  Up 
next  is  the  Network  World  200  Issue,  our  annual 
exploration  of  the  200  biggest  network  vendors  in 
North  America,  coming  April  26. 


BEST  PRODUCTS 

online 

Visit  the  Best  Products  portal,  at 

www.nwfusion.com/best/2004  for  con¬ 
tinuing  coverage.  You'll  find: 


•  The  Test  Request  page,  where  you  can  submit  input  about  the 
types  of  products  we  test  and  how  we  test  them.  DocFinder:  9871 

•  Links  to  winning  product  demos,  evaluation  copies  or  other 

vendor-supplied  online  tools. _ 

•  Product-related  resources,  including  technology  explanations 

from  our  Networking  Encyclopedia  and  free  downloads. _ 

•  The  lowdown  on  Network  World  events  such  as  Technology  Tours 
and  Webcasts. 


POWER 


Chaos. 


Control. 


Take  control  of  your  Internet  security. 


Introducing  Proventia'“  Enterprise  Protection  Products.  Just  because  Internet  threats  are 
complex,  doesn't  mean  your  security  has  to  be.  Finally,  a  single,  unified  protection  appliance 
that  protects  more  with  less,  eliminating  the  cost  and  chaos  of  multiple  stand-alone  security 
products.  Proventia“  centrally-managed  products  range  from  detection  up  to  completely 
unified  and  proactive  multi-function  protection  appliances,  combining  firewall,  intrusion 
prevention  and  anti-virus  technologies.  Take  control  of  your  enterprise  security.  Switch  to 
Internet  Security  Systems  today.  800-776-2362.  www.iss.net/takecontrol. 


Q 

Internet 

Security 

Systems' 


O  2003  Internet  Security  Systems.  Inc.  All  rights  reserved  worldwide. 
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BestTests 

NetworkWor1tl&2003 


Best  of  the  tests 


Selected  from  a  field  of  240-plus,  the  14  winners  of  our  Best  of  the 
Tests  Award  deserve  a  standing  ovation  for  stellar  performances  sure 
to  improve  any  corporate  network.  By  Christine  Burns  and  Keith  Shaw 


Were  a  week  shy  of  the  Academy  Awards,  the  Hollywood 
gala  featuring  superstars  in  their  glittery  Versace  gowns 
and  Armani  tuxes. While  you  won’t  find  any  sequins  here, 
our  2003  Best  of  the  Tests  Award  does  honor  comparably 
big  winners  —  stars  of  the  computer  screen,  you  could  say 


Through  this  Best  of  the  Tests  Award,  our  fifth 
annual,  we  honor  the  products  that  performed 
exceptionally  well  in  our  tests  last  year.  The  win¬ 
ners  all  have  survived  rigorous,  hands-on  testing  in 
one  —  sometimes  two  or  three  if  it’s  a  distributed 
evaluation  —  of  our  14  Network  World  Lab 
Alliance  partner  facilities  or  in  Senior  Reviews 
Editor  Keith  Shaw’s  lab.  All,  too,  offer  critical  net¬ 
work  services. 

In  2003,  we  tested  more  than  240  products  from 
more  than  200  vendors. 

To  narrow  that  wide  field  to  our  61  finalists,  we 
considered  how  the  products  fared  in  compara¬ 
tive  tests  on  performance,  management  capabil¬ 
ities  and  ease  of  use.  We  also  accounted  for 
unique  features  that  lifted  any  product  above 
the  fray. 

Once  we  had  our  finalists,  we  then  selected 
which  specific  product  deserved  the  Best  of  the 
Tests  honor.  We  considered  the  overall  useful¬ 
ness  of  the  products  when  deployed  in  a  large- 
scale  network,  and  those  that  had  multiple  tools 
for  getting  the  job  done  weighted  greater  than 
point  products  focused  on  a  single  task. 

Products  fell  into  these  categories: 

•  Anti-spam:  Software  tools. 

•  Convergence:  IP  PBX  management  wares;  IP 
PBX  remote  user  support;  VoIP  analysis  tools. 


•  LAN  management:  LAN  monitoring  tools; 
desktop  and  server  management  products; 
mobile  device  management  products;  remote 
control  software. 

•  Messaging  and  collaboration:  Instant  messag¬ 
ing  software;  collaborative  workspace  products; 
messaging  servers;  videoconferencing  products. 

•  Network  infrastructure:  Gigabit  and  10G 
Ethernet  switches  and  routers;  blade  servers. 

•  Operating  systems:  Windows;  Linux;  NetWare; 
Apple  OS/X. 

•  Security  infrastructure:  Intrusion-detection  sys¬ 
tems;  Web  application  firewalls; VPN  gear. 

•  Security  management:  Security  event  man¬ 
agers;  patch  management  software;  security  pol¬ 
icy  management  products;  client  security  man¬ 
agement  wares. 

•  Storage:  Director-class  switches;  workgroup 
and  enterprise  NAS  devices. 

•  WAN  management:  WAN  management  and 
monitoring  tools;  traffic  compression  devices. 

•  Wireless:  Switches;  access  points;  WLAN  ana¬ 
lyzers;  applications. 

•  SMB  networks:  Wireless  gear;  server  appli¬ 
ances,  storage  products. 

•  Cool  Tools:  High-tech  gizmos. 

And  now,  for  the  moment  you’ve  all  been  wait¬ 
ing  for.  The  awards  go  to  . . . 
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BesliTests 


Winning  company:  Postini 


Winning  product:  Perimeter  Manager 

NetworkWorldC^)2003  version  3.3 _ 


We’re  not  just  starting  out  with  anti-spam  be¬ 
cause  it  begins  with  an  “A.”  In  2003,  you  couldn’t 
escape  either  the  spam  messages  advertising  great 
mortgage  rates  (or  appealing  to  prurient  inter¬ 
ests),  or  the  messages  from  companies  claiming 
they  could  stop  the  spam.  For  that  reason,  we 
pulled  anti-spam  from  the  normal  “messaging” cat¬ 
egory  and  gave  it  its  own  rating. 

In  our  first-ever  “In  the  Wild”  anti-spam  test,  we 
threw  more  than  10,000  emails  at  16  enterprise 
anti-spam  products  over  30  days  to  find  out  which 
one  stopped  spam  the  best  (www.nwfusion.  com, 
DocFinder:  9821).  With  16  products  tested,  we  had 
a  lot  to  love  (and  hate).  So  to  choose  the  Best  of 
the  Tests  Award  winner,  we 
decided  to  go  with  the  best 
performer  in  accuracy  of 
stopping  spam  and  prevent¬ 
ing  false  positives.  Postini’s 
Perimeter  Manager  holds 
that  distinction. 

In  our  tests,  Perimeter 
Manager  scored  the  highest 
in  accuracy  catching  94%  of 
the  spam  in  our  10,000  mail 
messages,  and  delivered  the 
lowest  false-positive  rate.  It 
tagged  only  0.4%  of  mes¬ 
sages  as  spam  that  actually 
weren’t.  While  Perimeter 
Manager  landed  in  the  mid¬ 
dle  of  the  pack  on  perfor¬ 
mance,  handling  about  six 
messages  per  second,  we 


on  to  the  spam  management  interface  to  adjust  set¬ 
tings  as  needed.  Fbstini  also  features  spam-fighting 
technology  that  we  agree  with,  including  per-user 
whitelist  and  blacklist  settings  and  per-user  quaran¬ 
tines  to  release  false  positives.  We  also  were 
impressed  with  Fbstini’s  batch  command  language 
for  managing  configurations.This  is  useful  for  com¬ 
panies  that  need  to  update  settings  on  hundreds  or 
thousands  of  users,  or 


felt  that  higher  accuracy  and  lower  false  positives 
outweighed  performance. 

Fbstini  also  showed  outstanding  control  features 
for  fine-tuning  the  spam  engine.  End  users  can  log 


define  many  different 
e-mail  policies. 

However,  the  bottom 
line  is  that  Perimeter 
Manager  is  just  one  of  a 
number  of  good  prod¬ 
ucts  to  wage  battle 
against  spam.  As  we 
concluded  from  our 
tests  of  these  products, 
the  most  important  way 
to  fight  spam  is  to  let 
your  users  do  it. 

As  Network  World  Lab 
Alliance  partner  Joel 
Snyder  notes,  “Your  first 
decision  has  to  be 
whether  you  consider 
individual  user  quaran¬ 
tine  control  and  settings 
important.  This  feature 
will  reduce  mail  server 
load  and  give  users  con¬ 
trol  over  their  own  spam 
settings  and  whitelists. 
Top-rated  products  that 
include  this  feature 
include  Postini’s  Peri¬ 
meter  Manager/ 


Product 

UPDATE 


Since  our  test,  the  company  has  launched 
the  Postini  Threat  Identification  Network 
(PTIN),  a  real-time  information  service  on  e- 
mail  threats  and  offenders.  Postini  says  the 
information  service,  based  on  its  proprietary 
transport  heuristics,  can  process  more  than 
120  million  e-mail  messages  per  day. 

The  PTIN  service  provides  a  constantly 
refreshed  repository  of  source  IP  addresses 
that  have  been  observed  engaging  in 
"unwanted  or  damaging  e-mail  practices.” 
Subscribers  of  the  PTIN  service  can  request 
an  assessment  of  a  given  IP  address,  and 
the  service  returns  a  probabilistic  value  of 
the  likelihood  of  malicious  intent  by  category 
(including  spam,  virus,  directory  harvest 
attacks  and  denial  of  service). 

Watch  this  space:  We  plan  to  conduct 
another  enterprise  anti-spam  test  in  2004, 
with  a  focus  on  products  that  also  handle 
anti-virus  capabilities.  Perhaps  well  even 
put  an  end  to  the  argument  over  whether 
the  two  technologies  could  (or  should)  work 
from  the  same  platform. 


Tumbleweed  Communication 
Messaging  Management  System 

This  product  had  above-average  spam-stopping 
capabilities  (81.3%  accuracy,  1.2%  false-positive 
rate),  and  good  performance.  But  what  we  really 
loved  was  its  high  flexibility  in  configuration,  the 
system  let  us  construct  configuration  rules  using 
dozens  of  criteria,  without  having  to  dive  into  a  pro¬ 
gramming  language.  It  also  gave  us  a  good  instant 
snapshot  on  server  operations  by  displaying  mea¬ 
surements  such  as  system  load,  queue  lengths, 
message  counts  and  a  current  status  indication. 


MailFrontier  Anti-Spam 
Gateway 

This  is  another  product  with  an  ex¬ 
tremely  high  accuracy  rate  (89.4%,  sec¬ 
ond  only  to  Postini),  and  a  very  low  false¬ 
positive  rate  (0.7%).  The  Windows-based 
software  has  an  automatic  whitelisting  fea¬ 
ture  of  which  we're  a  bit  wary:  it  handles 
that  by  monitoring  the  logs  of  your  outgo¬ 
ing  mail  server.  However,  it  also  supports 
per-user  whitelists  and  blacklists,  and  per¬ 
user  quarantine  features,  which  we  liked. 


MX  Logic  E-mail  Threat 
Management  Service 

The  system  had  average 
accuracy  (its  77%  accuracy 
below  our  80%  threshold), 
but  it  made  up  for  it  with  a  low 
false-positive  rate  (0.5%,  sec¬ 
ond  only  to  Postini).  This  prod¬ 
uct  also  lets  you  control  spam 
through  per-domain  settings. 


Corvigo  MailGate 

Corvigo’s  system  impressed  us 
with  its  control  features  (tuning 
the  system  to  determine  what  type 
of  message  constitutes  a  ranking 
of  "spam”),  and  its  "dashboard" 
function,  which  gave  us  a  quick 
look  at  how  the  servers  were  run¬ 
ning.  Corvigo  also  met  our  thresh¬ 
old  for  accuracy  (84.6%)  and  had 
a  low  false-positive  rate  (0.7%). 
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Look  around  you.  There’s  data  being  created  in  more  places  than  ever  before. 


And  thanks  to  Snap  Appliance  storage  solutions,  no  matter  where  critical  data  exists  or  how 
it  is  generated,  it  will  be  protected.  It  must  be.  It’s  the  reason  why  Snap  is  found  in  so  many 
applications  across  virtually  every  industry.  From  retail  and  banking,  to  government  and  CAD. 
In  fact,  more  than  50%  of  the  Network  Attached  Storage  installations  in  the  world  and  more 
than  half  of  the  Fortune  500  rely  on  Snap  to  protect  their  data.  Because  when  data  is  safe, 
the  future  of  a  company  is  boundless.  1  -888-343-SNAP,  www.snapappliance.com 


BUYING 
MORE  SERVER 

VS.  BU  Yl  NG 
MORE  SERVERS. 


There’s  a  smarter  alternative  to  adding  more  servers:  adding  servers  that  can  do  more.  Like  IBM  eServer™  xSeries® 
systems  —  powered  by  Intel®  Xeon™  processors.  Select  models  let  you  scale  up  (simply)  from  1  to  16  way.  Logical 
partitioning  with  optional  VMware®  software  lets  you  deploy  up  to  80  virtual  servers  and  handle  not  just  one,  but  multiple 
applications  at  once.'  Easily.  How  can  you  thrive  in  the  on  demand  world?  With  xSeries  systems  that  can  do  more.  So 
you  can  do  less.  For  more  info,  download  WhyX,  an  in-depth  guide  to  xSeries  systems  at  ibm.com/eserver/advantage 


5  reasons  more  and  more  businesses  are  turning  to  IBM  eServer  xSeries  systems. 


Scale  1-16  way  with  select 

IBM  Director  systems 

Linux-ready  through 

Mainframe-inspired 

24/7/365  optional  onsite 

models.  Pay  as  you  grow. 

management. 

the  entire  line. 

technologies. 

hardware  support : 

@  server 

v, — -  ® 


IBM  eServer  xSeries  systems  are  powered  by 
Intel  Xeon  processors.  (You  can  get  more  when 
you  buy  less.) 


’The  maximum  number  of  virtual  servers  that  can  be  deployed  will  depend  on  the  hardware  specifications  of  the  server.  “Additional  charges  apply.  Standard  support  includes  next  business  day  response  in  some 
countries.  IBM.  the  e-business  logo,  eServer,  the  eServer  logo  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  counlries.  Intel, 
Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names 
may  be  trademarks  or  service  marks  of  others.  ©  2004  IBM  Corporation.  All  rights  reserved. 
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CONVERGENCE  I  IP  PBX  management,  IP  PBX  remote  user  support,  VoIP  analysis  tools 


BestiTests 

NetworkWbrid®2003 


Winning  company:  Avaya 


Winning  product:  Avaya’s  IP  PBX 

platform,  featuring  its  S8700  Media  Server 
and  Communications  Manager  Software 


Since  awarding  the  2002  Best  of  the  Tests  Award, 
we’ve  changed  how  we  assess  products  that  fall 
under  the  convergence  umbrella.  Rather  than  use 
a  single,  broad  test  to  provide  a  little  insight  on 
many  product  aspects  —  particularly  the  IP  PBX 
systems  and  VoIP  gateways  that  anchor  most  VoIP 
deployments  —  we’re  testing  these  products  mul¬ 
tiple  times, honing  in  on  a  specific  feature  set  each 
time. The  result  is  a  series  of  stories  that  provide  a 
deeper  analysis  of  the  products  from  many  angles. 


accounting  package  from  Veramark  —  was  a 
clear  winner  in  its  ability  to  mark  events,  notify 
managers  of  events,  and  generate  trend  and  activ¬ 
ity  reports.  Avaya  also  got  high  marks  for  its  well- 
managed  implementation  ofVoIP  encryption. 

In  our  test  of  how  well  IP  PBX  systems  can 
accommodate  teleworkers,  Avaya’s  product  set 
proved  to  deliver  excel- 


mm 


Avaya’s  IP  PBX 
received  high 
marks  for  its 
well-managed 
implementation 
of  VoIP  encryp¬ 
tion. 


Our  choice  for  the  top  convergence  product  for 
2003 — Avaya’s  IP  PBX  platform  featuring  the  S8700 
Media  Server  running  Communications  Manager 
software — was  a  top  performer  in  our  IP  PBX  man¬ 
agement  review  (www.nwfusion.com,  DocFinder 
9839)  and  placed  in  the  top  three  in  our  test  of  how 
well-equipped  these  systems  are  for  supporting 
teleworkers  (DocFinder: 9840). A  third  test, not  used 
in  this  judging,  looked  into  VoIP  analysis  tools. 

Our  IP  PBX  management  test  focused  on  how 
each  vendors’  collection  of  management  wares 
addressed  real-time  monitoring, phone  configura¬ 
tion,  reboot  time,  quality-of-service  (QoS)  config¬ 
uration,  event  and  alarm  notification,  and  trend 
reporting  tasks.  The  Avaya  tool  suite  —  compris¬ 
ing  the  Avaya  Site  Administration  command-line¬ 
like  interface,  a  customized  SNMP  element  man¬ 
ager  called  Multi-Service  Network  Manager,  the 
VoIP  Monitoring  Manager  and  a  third-party  call- 


lent  mobility  and  call 
routing. 

Specifically,  Avaya  of¬ 
fers  great  soft  phone 
setup  tools  for  optimiz¬ 
ing  voice  quality  and 
integration  with  Micro¬ 
soft  Outlook  and  slick, 
real-time  call-routing 
capabilities  among  busi¬ 
ness,  soft,  cell  and  home 
phones. 

“Avaya  had  a  plan,  a 
sound  and  multi¬ 
faceted  plan,  for  leading 
its  TDM-legacy  en¬ 
terprise  customers,  as 
well  as  ‘greenfield’  cus¬ 
tomers,  into  the  world  of 
VoiP”says  Ed  Mier,a  Lab 
Alliance  partner.  “Based 
on  our  testing  through¬ 
out  2003,  we  have  found 
Avaya’s  IP-telephony 
equipment  to  work  very 
reliably  supporting  one 
of  the  richest  feature 
sets,  and  with  manage¬ 
ment  capabilities  that 
are  evolving  in  concert 
with  the  industry’s  tran¬ 
sition  to  IP  telephony!’ 


Product 

UPDATE 


Since  we  tested  this  product  —  once  in 
May  and  again  in  November  —  Avaya  has 
upgraded  its  Communications  Manager 
software  and  IP  PBX  operating  system  with 
improvements  in  encryption,  Enhanced-911 
support,  and  features  for  extending  PBX 
functionality  to  cell  phone  users.  Avaya  also 
announced  the  S8500  Media  Server,  a 
Linux-based  call  processor  with  support  for 
up  to  3,200  phones. 

Watch  this  space:  Continuing  with  our  tarn 
geted  approach  to  IP  PBX  testing,  well  exam¬ 
ine  how  vendors  equip  their  products  with 
built-in  security  features  and  look  at  VoIP- 
specific  firewalls.  Also  on  the  testing  docket 
are  Session  Initiation  Protocol  (SIP)-based 
phones  and  wireless  IP  telephony  devices.  As 
the  exclusive  media  sponsor  of  the  NetWorld+ 
Interop  ilabs,  well  also  have  direct  access  to 
the  SIP-based  interoperability  test  aimed  at 
uncovering  issues  that  arise  when  many  VoIP 
components  —  telephones,  soft  phones,  IP 
PBXs,  public-switched  telephone  network 
gateways  and  services,  automatic  call  distrib¬ 
utors,  and  voice  mail  systems  —  have  to 


Nortel  MGS  5100  IP  PBX  system  with 
Multimedia  PC  Client  v2.0  and  optional 
Model  2004  IP  hard  phone 

This  collection  of  products  earned  top  honors  for  its  abil¬ 
ity  to  support  teleworkers  in  a  VoIP  network.  It  received 
accolades  for  its  collaboration  features,  including  videocon¬ 
ferencing,  instant  messaging,  whiteboarding  and  Web  co- 
browsing.  Additionally,  presence  —  where  the  real-time 
status  of  workgroup  or  department  members  is  propa¬ 
gated  to  all  other  members  —  is  well  implemented  by 
Nortel  (DocFinder:  9840). 


Brix  Networks  Verifier  product  set  and  BrixWorx  with  Advanced  VoIP  Test  Suite, 
NetlQ  Vivinet  product  set  and  Chariot  Advanced  4.3 

These  product  sets  earned  finalist  distinction  for  their  high  marks  in  our  test  of  VoIP  traffic  analysis  tools.  The 
Brix  offering  hit  pretty  well  on  all  areas  tested  including  real-time  traffic  monitoring  and  alarm  generation,  long¬ 
term  monitoring  reporting,  traffic  generation,  voice  quality  assessment  and  QoS  measurement.  But  it  tends  to 
be  carrier-focused  in  terms  of  a  penchant  for  supporting  service-level  agreements  and  in  its  high  price. 

We  picked  the  NetlQ  product  set  as  a  finalist  because  of  the  high  quality  of  the  Chariot  tool,  which  sends  bidi¬ 
rectional  VoIP  streams  and  then  reports  voice-quality  assessment  based  on  VoIP  parameters  and  measured 
impairments.  Chariot's  automated  VoIP  voice-quality  assessment  capability  was  the  most  accurate  Mean  Opinion 
Score-estimate  assessment  of  the  products  evaluated.  The  Vivinet  tools  round  out  the  offering  with  things  such 
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COMPANIES  THAT  WERE 
JUST  IDEAS  YESTERDAY 
RUN  SAP 


What  if  you’re  onto  something  big,  but  aren’t  big  yet?  Start  with  SAP®  solutions  for  small  and  midsize  companies.  Solutions  designed  to  fit 
any  size  business  —  and  any  size  budget.  And  because  they’re  built  with  expansion  in  mind,  they  won’t  just  help  you  grow,  they  will  grow 
with  you.  Visit  sap.com/ideas  or  call  800  880  1727,  because  we  have  a  few  big  ideas  of  our  own. 
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WimiriR  company:  Opnet  Technologies 

Winning  product:  IT  Guru,  Version  9.0 


In  the  constant  battle  between  developers 
and  network  managers  regarding  who’s  to 
blame  when  something  goes  wrong  with  an 
application,  a  tool  that  measures  application 
performance  from  the  network’s  perspective  is 
a  great  weapon.  That’s  just  what  you  get  with 
Opnet  Technologies’  IT  Guru,  a  sophisticated 
network  analysis  and  network  performance 
software  package  (www.nwfusion.com,  Doc- 
Finder:  9824). 

With  the  software,  you  can  view  network  and 
application  performance  side  by  side  in  a 
graphical  format  that  eases  the  pinpointing  of 
performance  issues  and  delays.  The  software’s 


Product 

UPDATE 

In  August  2003,  Opnet  released  Version  10.0  of  its  suite  of 
products,  including  IT  Guru,  New  features  include  enhance¬ 
ments  to  troubleshoot  performance  of  Citrix  decodes,  multi¬ 
tier  transaction  correlation  and  the  ability  to  rapidly  predict 
the  affect  of  large-scale  application  deployments,  the  compa¬ 
ny  says.  The  new  product  also  includes  simulations  for  large 
wireless  network  models,  and  enhancements  for  troubleshoot¬ 
ing  and  validating  device  configurations. 

Watch  this  space:  Network  monitoring  as  it  applies  to  how 
you  keep  track  of  the  activity  on  your  network  is  a  constantly 
changing  term.  We  will  be  keeping  an  eye  out  for  interesting 
network  configuration  management  packages  to  test,  those 
that  aim  to  do  the  same  thing  for  network  devices  that  patch 
management  has  done  for  operating  systems.  We  also  plan  to 
test  desktop  and  client  management  packages,  with  a  focus  on 
how  these  packages  keep  systems  up  to  date. 


AppDoctor  module  offers  a  spreadsheet-style 
diagnostic  and  statistics  presentation  that  helps 
determine  whether  delays  are  in  the  applica- 


OPNET 


lIGuru 

Intelligent  Network  Management  for  Enterprises 


tion  or  the  network.  AppDoctor  analyzes  differ¬ 
ent  parameters,  including  average  packet  size, 
retransmissions  and  errors.  Advanced  features 
let  you  add  variables  that  can  help  predict  the 
effects  of  network  changes.  These  include 
changing  the  bandwidth,  latency,  link  optimiza¬ 
tion,  packet  loss,  payload  size  and  TCP  window 
size.  We  love  software  that  lets  you  create  “what- 
if”  scenarios,  especially  helpful  in  determining 
the  affect  of  multimedia  applications  on  the 
network. 

“We  found  ourselves  addicted  to  the  more 
advanced  features,”  writes  Jeffrey  Fritz,  the  Lab 
Alliance  member  who  tested  this  software.  “A 
network  technician  could  find  the  product  very 
useful  in  evaluating  the  effects  of  new  applica¬ 
tions  and  network  changes  without  harming  the 
production  network.” 

While  the  product  as  tested  was  expensive 
($40,000  to  $100,000  based  on  modules  and 
customized  models  purchased),  the  value  to  a 
company  with  thousands  of  dollars  in  revenue 
per  minute  would  find  this  package  priceless. 


Oculan  Qculan  250 

We  liked  this  appliance  for  providing 
"plug  and  play”  network  monitoring  to 
small  and  midsize  companies  that  want  a 
comprehensive  network-monitoring  sys¬ 
tem  without  the  hassle  of  installing  a  sep¬ 
arate  monitoring  server  and  software. 

The  appliance  offers  excellent  device 
discovery,  useful  monitoring  features, 
timely  notifications  of  network  events, 
helpful  reports  and  a  responsive  user 
interface.  In  addition,  the  Oculan  250  can 
identify  vulnerabilities,  watch  for  intrusions 
and  monitor  Windows  server  performance 
factors  (DocFinder:  9825). 


Noveil  ZENworks  for  Desktops 

In  desktop  management,  this  product  —  cou¬ 
pled  with  ZENworks  for  Handhelds  —  deserves  a 
nod  as  a  complete  set  of  tools  for  managing  desk¬ 
top  configurations.  The  software  uses  a  policy- 
based  approach  to  let  administrators  configure 
every  aspect  of  a  user's  desktop.  For  applications 
that  are  managed  through  Novell's  Application 
Launcher,  you  even  can  control  how  the  application 
runs  —  whether  locally  or  through  a  terminal 
services  session.  The  software  also  includes  a 
workstation-imaging  feature  that  takes  a  snapshot 
of  a  user's  hard  drive  at  specific  times,  so  you  can 
completely  restore  the  hard  drive  over  the  network 
(DocFinder:  9826). 


XcelieNet  Afaria, 

LANDesk  Software  LANDesk  Management  Suite, 
Mobile  Automation  Mobile  Lifecycle  Management 
Suite 

We  pulled  these  three  products  onto  our  finalist  list  because  each 
excelled  in  a  specific  area  of  our  desktop  configuration  tests.  Afaria 
offers  an  outstanding  software  distribution  capability  and  supports 
a  comprehensive  array  of  mobile  devices,  Because  the  LANDesk 
Management  Suite  repackages  Afaria  as  part  of  its  suite,  it  got  high 
marks  in  the  same  areas.  LANDesk  also  gets  kudos  for  features 
that  ease  software  deployment  in  very  large  networks  such  as  its 
integration  with  popular  disk-imaging  products  like  Symantec's 
Ghost,  Mobile  Automation's  product  does  an  outstanding  job  of  iden¬ 
tifying  software  inventory  on  mobile  devices  and  offers  some  inno¬ 
vative  help  desk  features  (DocFinder:  9826). 
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"Undelete  file  recovery, 
is  fast  and  foolproof." 

-Microsoft  Certified  Professional  Magazine 
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INSTANT  FILE  RECOVERY- 

FASTER  THAN  GOING  TO  BACKUP! 


Undelete  protects  deleted  files  and  allows  for  instant  recovery — and  it 
saves  so  much  labor  that  it  can  pay  for  itself  the  first  time  you  use  it. 

The  Windows®  recycle  bin  doesn't  capture  files  deleted  over  the  network — so  until  now, 
recovering  a  lost  file  from  your  Windows  servers  meant  a  time-consuming  restoration  from 
backup.  NEW  Undelete®  4.0  Server  Edition  captures  every  deleted  file,  and  allows  them  to  be 
instantly  recovered  with  just  a  few  clicks  of  the  mouse.  With  Undelete  Professional  Edition 
installed  on  your  workstation,  users  can  even  recover  their  own  files  from  server  Recovery  Bins. 

Get  Undelete  4.0  now,  and  put  the  worries  of  deleted  files  behind  you! 

Download  free  Undelete  trialware 
www.undelete.com/nwud41  •  800.829.6468  ext.  4268 


Development  of  System  Management  Tools 


©2004  Executive  Software  International.  All  Rights  Reserved.  UNDELETE,  EXECUTIVE  SOFTWARE  and  the  Executive  Software  logo  are  registered  fraderr 
trademarks  of  Executive  Software  International,  Inc.  in  the  United  States  and/or  other  countries.  Microsoft  and  Windows  are  registered  trademarks  or  trademarks  ci  "•  vosoft 
Corporation  in  the  United  States  and/or  other  countries.  All  other  trademarks  and  brand  names  are  the  property  of  their  respective  owners. 
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MESSAGING  AND  COLLABORATION: 


Instant  messaging,  collaboration, 
messaging  servers,  videoconferencing  tools 
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Best  Tests  Wnriig  company:  Documentum 
N  et  wo  rk World®) 2003 


Winning  product:  eRoom  6.0 


•v:» 


Our  testers 
found  eRoom 
easy  to  install 
and  configure. 
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In  2003,  if  spam  was  the  professional  wrestler 
who  got  corporate  messaging  into  a  figure-four  leg 
lock,  then  collaboration  software  was  the  manager 
who  saved  the  day  with  a  well-timed  chair  shot. 

Many  users  see  collaboration  software  as  a  way 
to  improve  productivity  through  its  virtual  rooms 
and  ability  to  gather  project  workers  together  with¬ 
out  having  to  wade  through  e-mail.With  many  pro¬ 
ject  team  members  working  in  different  area 
codes,  time  zones  or  other  remote  locations,  col¬ 
laborating  virtually  has  become  a  necessity 
With  that  in  mind,  we  favored  Documentum’s 
eRoom  6.0,  collaboration  software  that  lets  users 

. get  their  work  done  in  a  virtu- 

"  al  room  setting  through  the 
great  use  of  icons  and  col¬ 
lapsible  navigation  as  our  win¬ 
ner  (www.  nwfusion.com, 
DocFinder:  9842).  To  simulate 
remote  workers  connecting  to 
a  central  company  we  tested 
these  products  from  several 
physical  locations  (in  Califor¬ 
nia,  Kansas  and  Massa¬ 
chusetts)  across  the  Internet. 
Because  it  doesn’t  require  a 
separate  messaging  server,  we 
also  loved  this  product  from 
an  administrative  view. 

“  [Documentum  s  eRoom]  is 


up  its  workspaces.You  can  populate  these  virtual 
rooms  with  objects  or  files  as  defined  in  several 
templates  included  with  the  package  or  leave 
them  blank  so  users  can  later  fill  them.The  system 
is  flexible  enough  to  let  users  (with  permissions,  of 
course)  create  rooms  as  they  see  fit,  using  tools 
that  best  suit  needs  and  creativity 
We  enjoyed  the  flexibility  of  its  user  and  access 
control  —  how  it  lets  users  decide  who  can  “edit” 
a  certain  tool,  who  gets  “read-only”  access  and 
who  is  banned  altogether.  The  eRoom  approach 
to  polling  —  where  every  item  or  discussion  can 
be  used  to  launch  a  “user  poll” — was  impressive, 
easy  to  implement  and  very  democratic,  too. 


I  Launch  Dat*i  4/21/03 
I  Simples  delivered  to  Dev.  on  3/26/03 


ProductUPDATE 


Since  our  review,  Documentum  released  eRoom  7,  which  includes  greater  inte¬ 
gration  with  Documentum's  enterprise  content  management  platform.  Other  new 
features  include  the  ability  to  initiate  and  manage  a  structured  workflow  from  a 
collaborative  application,  for  processes  such  as  proposal  and  contract  manage¬ 
ment:  to  connect  collaborative  processes  with  content  management  applications; 
and  to  publish  centrally  managed  content  to  multiple  target  workplaces. 

Documentum  also  is  now  a  division  of  EMC,  which  bought  the  company  in  an 
October  stock  deal  valued  at  SI  .7 1 
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easy  to  install  and  configure,  has  a  very  intuitive 
and  easy-to-use  interface,  and  can  be  adapted  to 
meet  the  needs  of  virtually  any  collaborative 
effort,”  Lab  Alliance  member  Christine  Perey  writes. 

We  were  impressed  with  how  Documentum  set 


Wateh  this  space:  We  plan  to  test  presence-enabled  and  collaborative  products 
that  come  out  in  2004  to  see  if  they  can  help  us  get  our  work  done  more  quickly. 
With  instant  messaging  gaining  corporate  acceptance,  making  sure  the  messages 
are  secured  becomes  a  top  priority.  As  such,  we  hope  to  test  which  products  help 
you  lock  down  communication  streams.  And  in  light  of  Heath  Insurance  Portability 
and  Accountability  Act  regulations  and  ongoing  security  concerns,  systems  that 
watch  what  your  users  are  doing  online  (Web  surfing,  e-mail  and  IM)  remain  high 
on  our  test  wish  list, 


YCON  IPNexus 

We  were  highly 
impressed  with  this 
IM  system  in  that  it 
can  support  instant 
text  messaging  and 
real-time,  full-fea¬ 
tured  collaboration 
sessions  (including 
point-to-point  or 
multi-point  H.323 
videoconferences) 
(DocFinder:  9843). 


IBM/Lotus  Sametime  3.0 

This  is  another  IM  system  we 
enjoyed  testing.  With  this  product,  IBM 
offers  collaboration  tools  such  as  chat, 
whiteboard,  polling,  screen  sharing 
and  some  multimedia  online  meetings. 
If  you  have  a  Domino  server  and  want 
to  explore  the  world  of  IM  and  get 
your  feet  wet  with  collaboration,  Lotus 
Sametime  should  be  on  your  short  list. 
While  the  product  requires  the  Domino 
Application  Server,  IBM  does  include  a 
limited  license  of  Sametime  for  cus¬ 
tomers  who  don't  have  Domino  for 
mail  services  but  want  to  try  out 
Sametime  (DocFinder:  9844). 


Microsoft  Exchange  Server  2003  and 
Outlook  2003  client 

While  we  don't  think  non-Exchange  users  will  switch  to 
the  product  because  of  the  new  security  and  anti-spam 
features,  veteran  Exchange  shops  should  enjoy  them.  If 
you  rely  solely  on  Exchange  for  anti-spam,  Microsoft 
includes  extra  filtering  at  the  Simple  Mail  Transfer  Protocol 
gateway  and  lets  you  block  messages  based  on  the  user 
or  domain  where  the  mail  claims  to  be  from  or  for  whom 
the  message  is  intended.  The  new  Outlook  client  also  lets 
you  deny  delivery  connection  attempts  based  on  origina¬ 
tion  address  and  features  other  anti-spam  functions.  The 
software  also  features  a  Mailbox  Recovery  Center,  which 
lets  administrators  find  “orphaned"  mailboxes  and  re-link 
them  with  Active  Directory  Accounts.  Microsoft  also 
enhanced  virtual  memory  usage  (DocFinder:  9845). 


Sonic  Foundry  MediaSite 
Live  2.0 

This  collaboration  and  streaming  media 
appliance  aims  to  make  producing  live  or  on- 
demand  streaming  media  easy  enough  for 
the  marketing  department.  With  terms  like 
compression  algorithms,  data-rate  optimiza¬ 
tion  and  challenges  in  posting  and  merging 
content  and  video,  a  producer  who  just 
wants  to  stream  a  presentation  or  a  CEO 
speech  needs  some  help,  Professional  pro¬ 
ducers  who  use  the  system  can  focus  on 
video  composition  and  not  technology  pro¬ 
cessing.  Finished  content  meets  and  exceeds 
the  expectations  of  the  most  demanding 
business  audience  (DocFinder:  9846). 
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NETWORKS 


The  Power  of  Performance 


2003 

#1  in  connections/sec 
*1  with  Gigabit  DoS  attack  protection 
*1  in  powerful  content  parsing 
and  cookie  switching 
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See  us  at 


HOMELAND  SECURITY 

CONFERENCE 

FEBRUARY  25-26 
WASHINGTON 
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Server  I  ron  —when  it  comes  to  Layer  4—7  load  balancing,  there  is  no  summit! 
fust  a  continuous  journey.  Foundry's  Serverlmn  switches  continue  to  be  the  trailbkrzer 
foi  server  scalability  with  one  accomplishment  after  another.  Serverlroti  switches  protect 
servers  against  deuial-observice  attacks  .improve  server  scalability, and  vastly  enhance  server 
reliability.  Servcrl ron  makes  it  easy  to  manage  all  your  networked  applications  and  improve 
User  response  nine  while  eliminating,  application  downtime.  Its  the  industry  leader  in 
perfortitaui  e.  intelligence.  set  mats,  and  pi  u  e.  So  it  s  no  coincident  e  that  Serverlron  is  the 
product  ot  t  hoice  lor  the  world  \  largest  and  most  demanding  eustomers. Visit  us  today  at 
\vw  w  .toinui  i\  net  works. com  si.  Or  tali  I.SSX.I  UlfliOLAN  (I  .X88.X87.2.652L 
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Winning  company:  Cisco _ 

Winning  product:  Catalyst  6500  with 
10G  Ethernet  line  cards 


Bigger,  faster,  better. 

That  description  pretty  much  sums  up  why  we 
chose  the  Cisco  Catalyst  6500  switch  with 
attached  10G  Ethernet  line  cards  as  this  year’s 
winner  in  the  network  infrastructure  category. 

The  much-anticipated  mid-2002  ratification  of 
the  10G  Ethernet  standard  meant  we  started  lin¬ 
ing  up  our  product  testing  based  on  that  specifi¬ 
cation.  When  we  published  the  results  of  our  first 


Product 

UPDATE _ 

While  Cisco  has  been  officially  mum  on  future  plans  for  the 
Catalyst  6500,  we've  reported  that  the  company  is  working 
on  a  new  management  tool  for  the  switch.  The  Integrated 
Services  Device  Manager  reportedly  will  give  users  one  inter¬ 
face  for  configuring  intrusion  detection,  VPN,  firewall  and 
Layer  4  to  Layer  7  switching  capabilities  on  a  Catalyst  6500 
switch  chassis.  In  the  past,  these  blades  had  to  be  managed 
as  individual  network  appliances  that  happened  to  run  in  the 
Catalyst  chassis.  This  tool  is  expected  to  be  available  for  free 
before  midyear. 

Watch  this  space:  The  10G  Ethernet  testing  continues  to 
roll.  We  recently  brought  a  new  Foundry  Networks  switch  into 
the  labs  to  undergo  testing.  Results  will  publish  next  month. 
Later  this  spring,  we  plan  to  test  new  10G  Ethernet  switches 
from  Extreme  Networks  and  ForcelO. 

For  other  network  infrastructure  requirements,  we  are  hit¬ 
ting  on  a  number  of  new  stackable  switches.  We  recently  pub¬ 
lished  performance  results  for  Nortel's  BayStack  5510 
(DocFinder:  9828)  and  plan  to  publish  results  for  new  stack- 
able  offerings  from  HP  and  Dell  in  March.  We  also  have  a  com¬ 
parative  test  of  Layer  4  to  Layer  7  load-balancing  switches 
planned  and  will  publish  a  series  of  testing-based  stories  on 
enterprise  servers. 


test  in  February  2003,  ForcelO 
Networks’  El 200  switch  was  the 
only  product  of  five  tested  to  fill 
the  10G  pipe. 

Because  vendors  were  still 
working  to  ship  standard  10G 
gear  at  the  time  we  conducted 
this  inaugural  review,  we  issued 
them  a  standing  challenge  to 
pony  up  their  products  for  test¬ 
ing  —  using  an  identical  base 
test  methodology  —  at  a  future 
date. 

Cisco  took  us  up  on  our  offer 
last  fall,  as  soon  as  it  was  ready 
to  ship  the  standards-based  10G 
Ethernet  blades  for  the  Catalyst 
6500  chassis.The  company  gave 
us  an  exclusive  look  at  the  new 
hardware  and  software  —  a 
combination  that  nailed  every 
test  we  threw  at  it. 

The  switch  achieved  line-rate  throughput  with 
low  delay  and  jitter.  It  set  record  recovery  times. 
It  was  the  only  product  tested  at  that  point  that 
could  protect  high-priority  traffic  while  simulta¬ 
neously  rate-limiting  low-priority  traffic.  In  the 
first-ever  public  test  of  IPv6  routing,  the  Catalyst 
6500  moved  traffic  at  line  rate  even  when  han¬ 
dling  250  million  flows  (www.nwfusion.com, 
DocFinder:  9827). 

“Simply  put,  this  is  the  highest-performing  10G 
Ethernet  product  we’ve  tested  to  date,”  says  Lab 
Alliance  member  David  Newman,  who’s  in 
charge  of  our  rolling  test  of  10G  products.“Cisco 
may  be  a  relative  latecomer  to  the  10G  Ethernet 
game,  but  it’s  making  an  impressive  debut.” 


Cisco  Catalyst  6500 
nailed  every  test  that  we 
could  throw  at  it 
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Cisco  Catalyst  3570 

3Com  XRN  stackable  switch 

ForcelO  E1200 
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Cisco  enhanced  its  line  of  stackable  switches 

architecture 

The  E1200  was  the 

CO 

with  the  introduction  of  its  StackWise  intercon- 

3Com  targets  the  enterprise  back- 

first  10G  Ethernet 

■  am 

nect  technology.  From  our  test  of  a  stack  that 

bone  with  its  Expandable  Resilient 

switch  we  tested  that 

OS 

included  three  Cisco  3750s,  we  concluded  that 

Networking  architecture,  and  our 

could  pull  off  a  full  10G. 

the  combination  was  a  good  fit  for  the  enter- 

tests  support  the  company’s  claim 

That  earned  the  prod- 

i&m 

prise  application  where  a  large  chassis  solution 

that  its  XRN  interconnect  technology 

uct  accolades  in  our 

■  HU 

is  not  economically  feasible,  yet  high  levels  of 
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scalability  are  required.  The  ring  provided  up  to 

lent  performance.  With  this  stacking 

proprietary  switches 

30G  bit/sec  throughput  while  maintaining  low 

technology,  3Com  can  match  com- 

for  delivering  true  10G 

latency,  condensed  administration  and  manage- 

petitors'  availability  and  performance 

bit/sec  throughput 

ment  features  and  increased  redundancy 

—  at  a  significantly  lower  price 

with  any  frame  size 

(DocFinder:  9829). 

(DocFinder:  9830). 

(DocFinder:  9831). 

HP  ProLiant  BL  p-Class  server  blade 
enclosure  with  BL20p  server  blades 

We  included  HP's  server  blades  as  a  finalist  in 
this  category  because  blade  servers  have  been 
touted  as  a  way  to  get  more  computer  power  into 
less  space.  HP's  p-Class  blades  are  designed  for 
compute-heavy  applications  such  as  database  or 
dynamic  Web  applications,  HP  offers  a  6U-high 
chassis  that  holds  a  maximum  of  eight  two- 
processor  blades.  This  product  earned  high 
marks  in  our  tests  based  on  its  great  manage¬ 
ment  and  serviceability  features,  plus  strong 
performance  (DocFinder:  9832). 
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Best  Tests 

NetworkWorid02OO3 


Winring  company:  Microsoft 
Winning  product:  Windows  Server  2003 
Enterprise  Edition 
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Windows  Server  2003 

Enterprise  Edition 


Microsoft 
Windows  Server 
2003  provides 
performance 
enhancements 
along  with 
features  that 
help  Win  2003 
support  Web 
services. 


Picking  the  top  server  or  network 
operating  system  is  like  volunteering  to 
sit  in  the  front  row  at  a  biblical  stoning. 
You’re  likely  to  get  hit  in  the  back  of  the 
head  from  every  direction. 

That  said, based  on  testing  of  five  major 
operating  systems  geared  to  run  on 
enterprise-level  servers  we  conducted 
this  year,  Microsoft’s  Windows  Server 
2003  comes  out  on  top  with  Novell 
NetWare  and  Red  Hat  Linux  following 
closely  But  note,  we  base  our  claims  on 
our  testing  and  acknowledge  that  they  don’t  nec¬ 
essarily  apply  across  the  board. 

We  tested  the  enterprise  edition  of  Microsoft’s 
newest  release,  NetWare  6.5,  Red  Hat  Linux 
Advanced  Server  9.0,SuSe  Linux  —  as  a  represen¬ 
tative  of  the  UnitedLinux  effort  —  and  Apple’s 
OS/X  10.2.5.  While  this  set  of  individual  tests  was 
not  pitched  as  a  head-to-head  comparison,  we 
used  the  same  performance  methodology  and 
evaluation  criteria  across  the  tests.  We  also  used 


the  same  hardware  for  all  tests,  with  the  exception 
of  OS/X  running  on  Apple’s  Xserve  platform. 

“From  both  an  installation  and  management 
perspective,  Windows  Server  2003  is  as  flexible 


and  versatile  a  platform  as  Microsoft  has  ever 
made,”  says  Lab  Alliance  member  Thomas  Hen¬ 
derson,  who  conducted  each  of  the  operating  sys¬ 
tem  tests.  “Microsoft  paid  attention  to  the  criti¬ 
cisms  of  Windows  2000.  [Win  2003]  really  replaces 
NT  without  the  headaches  caused  by  predecessor 
Windows  2000  —  and  it’s  a  killer  performer’ 

Microsoft  says  it  has  pretty  much  rewritten 
Internet  Information  Server,  its  Web  server,  as  an 
integral  part  of  this  release.  We  believe  it.  In  our 
maximum  TCP  connection  test,  which  measures 
the  capacity  of  the  server  to  respond  to  TCP  ses¬ 
sion  requests,  the  numbers  for  Win  2003  came  in 
almost  10-fold  higher  than  those  for  Win  2000.  In  a 
more  stringent  transactional  test,  in  which  we  test¬ 
ed  static  Web  page  transaction  cycles,  Win  2003 
showed  improvements  of  close  to  fourfold.  In  a 
straight  I/O  test,  we  saw  a  31%  increase  in  number 
of  I/Os  per  second  on  Win  2003  (www.nwfusion. 
com,  DocFinder:  9833). 

In  addition  to  performance,  Microsoft  has 
added  features  that  help  Win  2003  support  Web 
services,  make  server  management  easier,  provide 
meta-directory  capabilities  and  let  servers  run¬ 
ning  this  operating  system  play  a  stronger  role  in 
storage-area  networks. 


Product  UPDATE 

Since  rolling  out  Win  2003,  Microsoft  has  issued  almost  a  dozen 
security  bulletins  regarding  the  operating  system.  In  terms  of  add¬ 
on  features,  the  company  in  September  released  a  free  download 
called  Automated  Deployment  Services,  which  supports  the  auto¬ 
matic  and  simultaneous  installation  of  Win  2000  and  2003  "images" 
to  multiple  servers  that  have  no  operating  system  installed.  In 
October,  Microsoft  delivered  Windows  SharePoint  Services,  a  part  of 
Win  2003  that  lets  end  users  set  up  Web  sites  for  collaboration  and 
information  sharing,  and  in  January  released  a  general  beta  version 
of  Win  2003  for  systems  using  Advanced  Micro  Devices'  64- 
bit  Opteron  chip. 


Microsoft  also  announced  the  phased  retirement  of  its  Win  2000  line 
beginning  April  1. 

Watch  this  space:  On  tap  for  testing  in  2004  is  a  detailed  look  at 
NetWare  7.0,  due  for  release  later  this  year;  we  look  at  how  Novell  is 
using  technology  gained  through  the  recent  SuSe  Linux  acquisition  in  its 
product  and  delivery.  Well  also  check  out  what  role  the  final  release  of 
the  Linux  2.6  kernel,  which  came  out  in  late  2003,  will  play  in  improving 
commercial  Linux  distributions.  We  also  plan  to  look  into  some  of  the  150 
new  features  of  Apple's  OS/X  10.3  release  —  code-named  Panther  — 
in  the  near  future  to  pinpoint  any  that  might  be  enterprise-worthy.  Finally, 
we  plan  to  pick  apart  the  network  features  that  either  ship  with  Win  2003 
or  are  available  as  options.  Our  goal  is  to  see  how  they  might  fare  against 
point  products  that  purport  to  accomplish  the  same  end. 


Novell  NetWare  6.5 

Novell  began  its  move  toward  Linux  with  the  September  release 
of  NetWare  6,5.  While  the  vendor  hadn't  yot  ported  all  of  its  net¬ 
work  services  to  Linux,  our  testing  showed  that  its  preliminary 
open  source  add-ons  —  Apache,  MySQL  and  Perl/PHP  —  are 
well  integrated,  complemented  by  Novell's  mature  eDIrectory  ser¬ 
vices  and  managed  comprehensively  by  NetWare  iManager  2.0. 
NetWare's  evolution  as  an  open  source  platform  is  happening 
quickly  and,  in  our  opinion,  successfully  (DocFinder:  9834). 


Red  Hat  Linux  Advanced  Server  9 

This  Red  Hat  software,  stacked  up 
against  other  commercial  Linux  distribu¬ 
tions  based  on  the  UnitedLinux  platform, 
offers  more  hardware  support,  is  easier 
to  configure  and  offers  more  security 
options.  However,  it  was  somewhat  com¬ 
parable  on  performance  and  management 
(DocFinder:  9835). 


Apple  OS/X  10.2 

Apple's  first  serious  attempt  at  a  server  strategy  combines 
heretofore  unusual  concepts  for  Apple:  open  source  methodolo¬ 
gies,  open  (even  egalitarian)  connectivity,  an  industry-standard 
1U  form  factor  and  competitive  Web  application  development  ser¬ 
vices.  We  found  the  package  to  be  fast  and  manageable. 
Although  not  quite  as  polished  or  malleable  as  its  Linux  competi¬ 
tion,  the  Xserve  platform  coupled  to  OS/X  is  a  respectable  com¬ 
petitor  to  server  platforms  in  the  market  (DocFinder:  9858). 
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Winning  company:  Sanctum 
Wiring  product:  AppShield  4.0 


Typically  the  top  honor  in  this  category  goes  to  a 
security  vendor  that  ships  a  VPN  device,  network 
firewall  or  intrusion-detection  system  that  might 
provide  security  to  the  core  network.  We’re 
branching  out  this  year  with  Sanctum’s  AppShield. 

While  traditional  firewalls  thwart  network-level 
attacks,  they  do  little  to  address  gaping  holes  in 
Web  applications  through  which  intruders  can 
break  into  Web  sites  using  form  submissions  or 
URL  manipulations.  Enter  Web  application  fire 
walls,  a  new  class  of  security  product  that  attempts 
to  put  off  Port  80-focused  attacks  by  using  black¬ 
list-  and  whitelist-style  input  filtering. 

In  our  testing  of  six  softwarebased  Web  applica¬ 
tion  firewalls  conducted  last  summer,  AppShield 


Product 

UPDATE 

Sanctum  last  month  rolled  out  AppShield  4.5,  which 
includes  administrative  enhancements  that  let  you  define  dif¬ 
ferent  levels  of  administrative  roles  across  a  Web  server 
farm  and  define  application-specific  security  settings. 
Furthermore,  the  release  supports  new  security  settings 
including  Certificate  Revocation  Lists,  enhanced  SQL  injection 
protection,  and  authenticated  and  encrypted  communications 
between  the  console  and  the  engine. 

Watch  this  space:  Early  this  year,  we  published  the  results 
of  our  test  of  seven  Secure  Sockets  Layer  (SSL)  VPN  products 
(DocFinder:  9878),  Also,  last  week  we  ran  a  review  of  12  intru¬ 
sion-prevention  systems  (IPS),  the  assessment  for  which 
involved  deploying  and  managing  these  products  at  multiple 
sites  on  a  live  network  (DocFinder:  9879).  As  a  follow-up  to 
that  preliminary  test,  we  hope  to  run  a  comparative  technology 
test  to  ascertain  benefits  or  downsides  of  IPS  technology  com¬ 
pared  with  traditional  stateful  firewall  technology.  We  also  plan 
to  test  hardware-based  Web  application  firewalls  and  small 
office/home  office  firewall  products. 


edged  out  some  stiff  competition  because  —  in 
addition  to  fending  off  most  Web-based  attacks  we 
tossed  its  way  —  it’s  got  an  airtight  default  config¬ 
uration  and  a  cool 
dynamic  policy-genera¬ 
tion  feature  (www. 
nwfusion.com,  Doc- 
Finder:  9836). 

Sanctum’s  AppShield 
is  geared  toward  Web 
server  farm  deploy¬ 
ment,  as  evidenced  by 
its  fully  distributed 
architecture.  Product 
components  include  a 
crisp  Java-based  man¬ 
agement  console,  a 
configuration  server 
and  one  or  more  fire¬ 
wall  nodes. 


Because  AppShield 
can  run  in  a  proxy  mode,  it  provides  some  inter¬ 
esting  security-oriented  features  that  go  beyond 
the  usual  menu  of  application  firewall  options, 
Lab  Alliance  member  Thomas  Powell  notes.These 
features  include  URL  mapping  (including  regular 
express  matching), and  the  ability  to  globally  pro¬ 
hibit  direct  downloading  of  image  and  multime¬ 
dia  files,  often  dubbed  “leeching.”  Furthermore,  for 
preventing  repeated  attacks  that  violate  security 
policies,  AppShield  can  notify  a  Check  Point  fire¬ 
wall  that  a  particular  IP  address  should  be 
blocked  at  the  network  level.  It  uses  the  Open 
Platform  for  Security  standard  to  do  so. 

“This  interesting  feature  suggests  the  possibility 
of  application  firewalls  eventually  merging  with 
authorization  and  access-control  functionality  to 
provide  a  complete  application  security  frame¬ 
work,”  Powell  says. 


AppShield's 
features 
include  URL 
mapping 
and  the 
ability  to 
globally 
prohibit 
direct 
download¬ 
ing  of 
image  files. 


KaVaDo  InterDo  3.0 

InterDo  3.0  was  an  extremely  close  runner-up 
to  Sanctum's  AppShield  in  our  Web  application 
firewall  test.  KaVaDo  earned  accolades  specifical¬ 
ly  for  the  product's  deployment  flexibility,  its  abil¬ 
ity  to  set  up  and  support  multiple  users  with  dif¬ 
ferent  administrative  privileges  and  its  built-in 
SSL-encrypted  communication  used  between  dis¬ 
tribute  nodes  and  its  centralized  management 
platform  (DocFinder:  9836). 


Internet  Security  Systems  Proventia  A201 

The  ISS  Proventia  appliance  was  the  top  performer  in 
our  second  60-day  “In  the  Wild"  test  of  IDS  products.  In 
this  test,  a  field  of  five  contenders  attempted  to  fend  off 
the  onslaught  of  Internet-borne  viruses  we  saw  this  past 
summer.  Proventia  was  the  top  vote-getter  because  it 
has  the  most  powerful  management  and  analysis  tool  kit. 
With  the  tool  kit,  our  testers  could  dig  down  into  the  vast 
database  of  security  events  and  discern  which  events 
warranted  immediate  action,  needed  to  be  watched  over 
time  or  should  be  ignored  (DocFinder:  9837). 


Network  Associates  IntruShield 

During  the  eligibility  period  for  the  2003 
Best  of  the  Tests  Award,  we  conducted  a 
bench  performance  test  to  see  if  IDS  prod¬ 
ucts  could  catch  attacks  flowing  by  them 
at  gigabit  speeds.  IntruVert's  IntruShield 
—  a  company  and  product  Network 
Associates  acquired  last  spring  —  out¬ 
performed  the  competition  by  detecting 
the  greatest  number  of  attacks  in  every 
test  (DocFinder:  9838). 
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Introducing  a  new  era  of  secure,  corporate  business  freedom 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 

provide  secure,  appropriate  access  to  corporate 
email  and  applications.  Enterprises  will  discover  new  f  ^ 

levels  of  efficiency  from  their  workforce,  while  || 
giving  them  greater  freedom  to  manage  their  business 
and  personal  lives.  All  solutions  are  easy  to  deploy 
and  manage,  are  based  on  award-winning  technology 
and  are  backed  by  Global  Support  and  Services.  || 

So  if  you  want  greater  working  freedom  that’s  IT 
approved,  go  ahead  and  escape. 
Visitwww.nokia.com/mobileaccess/americas 

NOKIA 

Connecting  People  Hi 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity  solutions. 
CIOs  and  IT  managers  can  provide  the  mobility  and 
security  of  anytime,  anywhere  access  to  users  — 
while  empowering  everyone  from  the  CEO  to  field 
salesforce  teams  with  the  information  needed  to  do 
their  work  where  and  when  they  choose.  Nokia 
Mobile  Connectivity  solutions  include  a  range  of  IPSec- 
and  SSL-based  client  and  gateway  products  that 
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SECURITY  MANAGEMENT: 


Security  event,  patch,  policy  and  client  management  tools 


Bestlests 


Winning  company:  ArcSight 


NetworkWorid02OO3  Mm  product:  ArcSight  2.5 


ai*.  i-1"1';' 
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Taking  into  account  the 
ever-growing  number  of  secu¬ 
rity  devices  you  can  put  on 
your  network,  you’d  be  hard 
pressed  to  find  enough  hours 
in  the  day  to  even  look  at  all 
the  data  regarding  potential 
hacks  these  mechanisms  are 
throwing  your  way 

That’s  exactly  why  we  put 
security  event  management 
products  on  our  testing  roster 
last  year  and  selected  one  of 
them  as  our  winner  in  this 
category  Managing  the  alerts 
or  logs  on  security  events, 
such  as  blocked  packets, 
failed  logons  or  attempted 
exploits,  is  the  next  necessary 
step  in  the  evolution  of  the  corporate  security 
infrastructure. 

Based  on  our  testing,  the  best  product  in  the 
umbrella  security  management  category  was 


ArcSight 

M2. 5 


MS ijW* 


ArcSight  was  selected  a  winner 
for  its  ease  of  use  and  its  over 
all  flexibility  in  terms  of  infor¬ 
mation  it  could  collect. 


Product 

UPDATE 


The  company  has  not  upgraded  ArcSight  2.5  since  its  late 
October  2003  release. 


Wateh  this  space:  The  hot  testing  spots  for  us  this  year 
are  the  advancements  in  vulnerability  assessment,  patch 
management,  security  auditing  and  policy  management  tech¬ 
nologies.  Well  test  single  products  that  offer  unique 
approaches  to  these  tasks  throughout  the  year  and  plan  a 
comparative  review  late  in  the  year  for  products  that  offer  a 
combination  of  these  security  management  techniques. 
Additionally,  well  test  tools  that  specifically  focus  on  helping 
network  managers  lock  down  distributed  client  machines. 


ArcSight’s  ArcSight  2.5  (www. 
nwfusion.com,  DocFinder: 
9847). 

In  our  December  2003  test 
of  five  security  event  man¬ 
agers,  Lab  Alliance  member 
Mandy  Andress  gave  ArcSight 
2.5  accolades  for  its  ease  of 
use,  facilitated  by  a  slick  user 
interface,  and  its  overall  flexi¬ 
bility  in  terms  of  the  informa¬ 
tion  it  could  collect  and  how 
it  could  parse  and  present 
that  data. 

The  interface  is  surprisingly 
easy  to  use  when  you  consid¬ 
er  what  you  can  do  with  it.You 
can  configure  your  workspace 
with  any  number  of  graphs 
and  views,  all  completely  customizable.  You  also 
can  drill  down  to  more  detailed  information  at 
just  about  every  point,  turning  any  data  into  a 
graph. 

ArcSight  2.5  can  run  in  either  agent  or  agent¬ 
less  mode.  However,  you  do  miss  some  function¬ 
ality  with  the  latter.  If  you  go  with  the  former, 
ArcSight  offers  a  top-notch  agent  installation 
process.  The  agent  install  program  looks  the 
same  across  platforms,  provides  a  full  list  of 
devices  to  select  and  includes  detailed  installa¬ 
tion  instructions. 

In  addition,  using  ArcSight’s  Flexagent  feature, 
you  can  support  proprietary  or  unsupported 
logs.  Flexagent  lets  you  quickly  parse  a  log  file  to 
use  in  filters  and  correlation  rules. 

While  a  different  combination  of  security 
infrastructure  products  from  that  which  we 
tested  might  need  different  information  corre¬ 
lation  tools,  ArcSight  lands  on  top  with  its  ease 
of  use,  device  support  and  flexibility,  overall. 


PatchLink  PatchLink  Update  4.0 

In  our  test  of  Windows  patch  management  point  products,  PatchLink's  Update  4.0 
earned  top  honors  for  its  ease  of  use,  flexibility,  automation  and  because  it  lets  you 
easily  create  deployment  packages.  We  especially  like  features  that  let  you  cache 
critical  patches  on  the  Update  server  and  its  ability  to  let  administrators  configure 
groups  of  machines  with  baseline  patch  settings  (DocFinder:  9848). 


Poiivec  Builder,  Scanner  and  Enforcer 

Polivec’s  suite  of  security  management  tools  eases  the  hassles  associated  with 
establishing,  maintaining  and  enforcing  security  policies  across  a  corporate  network. 
Builder  is  the  strongest  component  of  the  suite,  with  a  GUI  that  helps  you  quickly 
develop  an  enterprise  security  policy  according  to  best  practices  for  physical  secu¬ 
rity,  e-mail  security,  network  access,  remote  access,  authentication,  incident  re¬ 
sponse  and  security  training  (DocFinder:  9849). 
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Read  the  IT  chart.  You’ve  got  serious  problems. 

Porn  may  be  the  most  visible,  but  it’s  only  one  of  your  worries.  See  more  clearly  with  Websense  Enterprise? 
the  most  comprehensive  solution  for  protecting  your  network  from  threats  that  appear  as  employee  computing  and 
the  Internet  converge.  You  don’t  have  to  rely  on  20/20  hindsight. 

For  a  free  white  paper  on  Emerging  Threats  in  Employee  Computing 
or  to  assess  your  risks  visit  www.websense.com/checkup. 
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Director-class  switches,  workgroup  and  enterprise  NAS  devices 


BestTests 


Winning  company:  Cisco 


Winning  product:  Multilayer  DataCenter 

NetworkWorid©>2003  switch  9509 _ 


Cisco's  MDS 
achieved  wire- 
speed  through¬ 
put  for  small 
and  large 
frames  at  a 
rate  of  2G 
bit/sec. 


Almost  like  New  Year’s  Eve  fireworks,  Cisco 
marked  its  rather  tardy  entrance  into  the  director- 
class  switch  market  with  a  big  bang  right  around 
the  beginning  of  2003. 

In  our  exclusive  tests  conducted  by  Lab  Alliance 
partner  Miercom,  Cisco’s  Multilayer  DataCenter 
Switch  (MDS)  9509  simply  knocked  our  socks  off 
(www.nwfusion.com, 
DocFinder:  9851).  It  regis¬ 
tered  performance  num¬ 
bers  we  had  never  before 
seen  for  this  type  of  stor¬ 
age  gear.  The  112-port 
MDS  9509  —  designed 
from  the  ground  up  by 
Andiamo  Systems,  a 
Cisco-funded  develop¬ 
ment  project  — 
achieved  wire-speed 
throughput  for  small  and 
large  frames  at  a  rate  of 
2G  bit/sec. 

With  the  MDS  9500 
series,  Cisco  introduced 
its  virtual  storage-area 
networks  (VSAN)  tech¬ 
nology  to  the  director- 
class  switch  market. 
VSAN  technology  lets  you  partition  your  SAN 
much  like  virtual  LAN  technology  lets  you  parti¬ 
tion  your  LAN  resources.  So  if  one  VSAN  serviced 
by  the  MDS  9509  experiences  trouble,  it  doesn’t 
affect  the  other  VSANs  defined  within  the  switch’s 
purview.  VSAN  technology  also  adds  to  the 
switch’s  scalability  and  the  creation  of  multiple 
SAN  “islands,”  eliminating  the  need  to  use  a  sepa¬ 
rate  switch  fabric  for  different  applications. 


In  addition  to  its  top  performance  numbers  and 
its  VSAN  capabilities,  the  MDS  9509  ships  with 
some  excellent  multifaceted  management  wares 
—  at  no  extra  cost,  which  is  a  rarity  with  this  prod¬ 
uct  class  —  and  offers  some  unique  non-disrup- 
tive  redundancy  features. 


Product 

UPDATE 


In  November,  Cisco  introduced  several  capabilities  for  its 
MDS  9000  family  storage  switches.  Included  in  the  new  fea¬ 
tures  is  the  ability  for  servers  in  different  VSANs  to  share 
disk  or  tape  storage,  in  addition,  you  now  can  set  quality  of 
service  and  prioritize  traffic  dynamically.  The  new  switches 
also  let  Fibre  Channel,  iSCSI,  fibre  Channel  over  IP  and  Fibre 
Connection  be  mixed  on  the  same  switch.  The  company  also 
announced  a  new  version  of  its  SAN  operating  system,  which 
includes  centralized  management  of  multiple  SAN  fabrics, 
discovery,  health  and  event  monitoring,  and  historical  perfor¬ 
mance  monitoring. 

Also,  when  we  tested  the  switch,  Cisco  had  only  announced 
its  reseller  deal  with  IBM.  Since  that  time,  EMC,  Hitachi  Data 
Systems,  HP,  Network  Appliance  and  Xiotech  have  struck  up 
deals  to  sell  the  MDS  9000  series  of  switches. 


Watch  this  space:  In  the  spring,  we  plan  to  see  how 
director-class  switches  offered  by  Brocade  Communications, 
CNT  and  McData  measure  up  to  the  bar  that  Cisco  has  set. 
We  also  plan  to  run  a  series  of  In  the  Wild  tests  for  disaster- 
recovery  products.  We  expect  to  test  iSCSI-based  products 
in  our  own  labs  and  report  exclusively  on  the  interoperability 
testing  to  be  conducted  by  the  NetWorld+Interop  iLabs  engi¬ 
neers.  We  also  hope  to  run  a  test  of  storage  virtualization 
software  this  spring  and  test  multi-protocol  storage  con¬ 
trollers  in  the  fall. 


■  ■ 
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HP  StorageWorks  NAS  b2000 

Inline  FileStorm  4550 

EMC  Celerra  NS600 

Snap  Appliance  Snap 

ndpmml 

This  HP  product  was  the  top  performer  in 

This  product  earned  a  finalist  spot  be- 

In  our  review  of  EMC’s  new  mid- 

Server  14000 

our  test  of  mid-range  Windows-powered 

cause  it  offers  some  innovative  features  in 

range  NAS  device,  we  concluded  that 

This  product  was  the  top 

■  HRBHB 

network-attached  storage  (NAS)  wares. 

the  Windows  NAS  arena.  TruMask  is  soft- 

the  NS600  embodied  a  number  of 

performer  in  our  test  of 

CO 

While  it  narrowly  boat  out  Windows-based 

ware  that  enables  logical  unit  number 

features  typically  reserved  for  high- 

midrange  open  source  NAS 

competitor  Inline  Filestorm,  when  you  com- 

masking  on  an  Inline  storage  cabinet  for 

end  NAS  devices,  such  as  extensive 

servers.  The  Snap  Server 

es 

pare  its  numbers  with  the  midrange  Linux- 

security  purposes,  while  TruMap  is  a  tea- 

hardware  redundancy  and  high-avail- 

14000  especially  stood  out 

based  filers  we  tested  separately,  the 

ture  that  maps  storage  resources  to  spe- 

ability  measures.  With  its  $162,000 

for  its  redundancy  features 

8LJL«» 

StorageWorks  box  trounced  the  open 

cific  physical  ports.  Finally,  TruCache  lets 

price  tag  for  IT  byte  of  capacity,  the 

and  slick  installation  wizard 

source  competition.  Wo  also  were  im- 

redundant  disk  controllers  mirror  one 

NS600  offers  an  alternative  to  com- 

(DocFinder:  9861). 

pressed  that  the  HP  box  was  impervious  to 

another,  providing  instantaneous  failover  in 

petitive  products  that  can  cost  more 

the  simulated  denial-of-service  attacks  we 

the  event  of  disk  controller  failure 

than  S250.000  (DocFinder:  9853). 

threw  its  way  (DocFinder:  9852). 

(DocFinder:  9852). 
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Hitt  White  raper!  rnht  White  Paper  Center  and  Network  Room  Infrastructure 


"Determining  Total  Cost  of  Ownership 
for  Data  Center  and  Network 
Room  Infrastructure" 

Just  mail  or  fax  this  completed  coupon 
)r  contact  APC  for  your  FREE  white 

taper  "Determining  Total  Cost  of 
Ownership  for  Data  Center  and 
Network  Room  Infrastructure." 

Also  receive  our  FREE  InfraStruXure" 
trochure  Better  yet,  order  both  today 
« the  APC  Web  site! 


http://promo.apc.com 


Key  Code 

p  7  9  8y 


(888)  289-APCC  x3082  •  FAX:  (401)  788-2797 


Legendary  Reliability® 


□  YES!  Please  send  me  my  FREE  white  paper  and  InfraStruXure”  brochure. 

□  NO  ,  I'm  not  interested  at  this  time,  but  please  add  me  to  your  mailing  list. 


Name: 


Title: 


Company: 

Address: 

Address  2: 

City/Town: 

State: 

Zip: 

Country: 

Phone: 

Fax: 

E-mail: 

I  I  Yes!  Send  me  more  information  via  e-mail  and  sign  me  up  for  APC  PowerNews  e-mail  newsletter.  |  Key  Code  p798y  | 
What  type  of  availability  solution  do  you  need? 

□  UPS:  0-1 6kVA  (Single-phase)  □  UPS:  10-80kVA  (3-phase  AC)  □  UPS:  80+  kVA  (3-phase  AC)  □  DC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management 

□  Cables/Wires  □  Mobile  Protection  □  Surge  Protection  □  UPS  Upgrade  □  Don't  know 
Purchase  timeframe?  □  <  1  Month  □  1-3  Months  □  3-12  Months  □  1  Yr.  Plus  □  Don't  know 
You  are  (check  1):  □  Home/Home  Office  □  Business  (<1000  employees)  □  Large  Corp.  (>1000  employees) 

□  Gov't,  Education,  Public  Org.  □  APC  Sellers  &  Partners 
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InfraStru  ure 


POWER  RACK  COOLING 


On-demand  architecture  for  network 
critical  physical  infrastructure 


From  system  downtime  to  cabling  messes, 
new  APC  InfraStruXure  solves  your  IT  problems 


You  no  longer  need  to  design  your  data  center  using  a  costly,  complicated 
approach.  Introducing  APC  InfraStruXure™,  on-demand  architecture  for  network- 
critical  physical  infrastructure  (NCPI).  Whether  you  are  designing  a  wiring  closet  or 
even  a  large  data  center,  InfraStruXure 's  modular  archi¬ 
tecture  quickly  and  easily  solves  your  top  IT  problems. 

With  InfraStruXure;  you  can: 

Turn  System  Downtime  into  Turn  Complicated  Systems  into 


Results  from  an  actual  InfraStruXure™  installation: 

>  Standardization  reduced  human  error  by  60%  * 

>  Equipment  and  management  costs 
reduced  by  20%  * 

>  Enhanced  security  and  systems  stabilization 

* Depending  on  the  installation,  individual  results  may  vary. 


SYSTEM  AVAILABILITY 

•  Rack  enclosures  provide  a  secure 
environment  for  all  IT  equipment 

•  Integrated  cooling  system  ensures 
optimal  equipment  performance 

•  Proactive  management 
of  the  system  prevents 
potential  problems 

•  Built-in  redundancy  means 

no  need  to  buy  a  second  UPS 


EASY-TO-USE  SOLUTIONS 

•  Vendor-neutral  racks  are  compatible 
with  equipment  from  all  major  vendors 

•  InfraStruXure” eliminates  the  need 
for  raised  floors  and  extensive 
engineering 

•  You  buy  only  what  you  need  now, 
with  the  option  to  easily  expand 

•  Configure-to-Order  process  ensures 
you  get  the  solution  that  is  right 
for  you 


To  find  out  more,  visit  us  today  at  www.apc.com 


We  wanted  an  upgradeable 
solution  that  could  scale  through 
changes  and  still  offer  us  long-term 
value.  InfraStruXure's  modular 
approach  makes  it  easy  to  upgrade 
anytime...  The  hot-swappable,  mod¬ 
ular  components  of  InfraStruXure 
make  maintenance  easy  and  cost  effective. 

-  Vince  Pombo,  Vice  President  of  Engineering 
Rich  Flanders,  Director  of  Engineering 

Time  Warner  Cable 


White  Paper  on  "Determining  Total  Cost  of  Ownership  for  Data  Center 
and  Network  Room  Infrastructure"  and  Free  InfraStruXure™  Brochure 

Visit  httpV/promojpcxem  Key  Code  p798y  •  Call  888-289-APCC  x3082  •  Fax  401-788-2797  Legendary  Reliability 
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Winning  company:  Visual  Networks 

NetWOrkWorld02OO3  Wnnhg  product:  Visual  UpTime  7.1 


Visual  Networks  remains  at  the  top  of  the  heap 
in  providing  products  that  help  maintain  WAN 
links  at  their  peak  levels.  Its  tools  alert  you  when 
outages  occur,  pinpoint  the  root  cause  of  the 
outage  and  help  you  re-establish  communica¬ 
tions  as  quickly  as  possible.  Reports  provide  uti¬ 
lization  trends,  outage  statistics  and  service-level 
agreement  compliance. 

“Although  it  only  works  with  Visual  Networks’ 
DSU/CSU  devices,  Visual  UpTime’s  precise  and 
accurate  monitoring  ability  is  unsurpassed,” 
writes  Barry  Nance  of  the  Lab  Alliance.“Its  many 
reports  are  practical  and  well  designed,  the  user 
interface  is  intuitive,  and  it  scales  well.” 

While  all  products  we  tested  in  the  WAN  link 
management  market  performed  well,  they  didn’t 
have  the  level  of  detail  or  monitor  as  closely  as 


Iks  View  Jett©  Troubleshoot Iroj  Update  Toolset 
Network  Cortguabon  1  Event  Pioowaa  J  Ttot 


View:  Protocol* 


Aooees  Channel  utilisation  by  Protooo!  (% of  1636  nope) 
IP  Claes  of  Service:  Cold 


Product!  JPDATR 


In  October  2003,  Visual  launched  its  UpTime  Select  offering,  a  set  of 
“dumb"  network-access  devices  that  can  be  "smartened  up"  later  if  cus¬ 
tomers  want  to  collect  and  analyze  data  on  the  WAN  links.  The  UpTime  Select 
gear  lets  customers  buy  the  ASE  devices  without  the  data  collection  and 
analysis  software.  If  they  need  them  later,  the  customers  can  just  pay  the 
license  fees  to  "turn  on"  these  features.  The  UpTime  Select  offering  is  sold  in 
four  modules:  Real-Time  Troubleshooting,  Back-in-Time,  Traffic  Capture  and 
Class  of  Service  (see  related  story,  page  77). 

Watch  this  space:  Monitoring  WAN  links  continues  to  be  worrisome  for  network 
executives,  but  preventing  WAN  links  from  becoming  congested  in  the  first  place  is 
also  a  concern.  Expect  to  see  many  quality-of-service  (QoS)  vendors  continue  pro¬ 
ducing  products  that  aim  to  compress  data  traffic  and  prioritize  high-revenue  (aka 
transactions)  and  other  mission-critical  data  over  traffic  such  as  Web  surfing  and 
e-mail.  We  plan  to  revisit  QoS  and  bandwidth-shaping  products  that  aim  to  prevent 
WAN  links  from  becoming  congested  in  the  first  place. 


Visual  UpTime  (www.nwfusion.com,  DocFinder: 
9854). 

The  key  to  Visual’s  success  is  the  close  rela¬ 
tionship  between  software  and  the  Visual  ASE 
devices  (what  Visual  calls  its  DSU/CSUs).  The 
combined  system  measures  link  availability  and 
activity  on  a 
second-by- 
second  basis 
for  each  data 
link  connec¬ 
tion  identifier. 

It  could  in¬ 
form  us  of  the 
network’s  cur¬ 
rent  status 
without  suck¬ 
ing  up  much 
bandwidth  in 
the  process. 

The  system’s 
accuracy  is 
another  high 
point,  as  it 
could  provide 
a  precise 
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measurement 
of  network  delay  for  each  permanent  virtual  cir¬ 
cuit.  It  does  all  this  through  a  responsive  and 
intuitive  user  interface  that  fits  the  workflow  and 
individual  tasks  within  a  large  network  opera¬ 
tions  center.  Its  ability  to  print  a  network  config¬ 
uration  report  that  documented  changes  and 
our  work  was  just  the  icing  on  the  cake. 


Visual  UpTime 
was  selected  as 
an  award 
winner  because 
of  its  level  of 
detail  and  close 
monitoring. 


Concord  Communications  eHealth  Version  5.6 

Wo  highly  recommend  this  product  for  companies  with  hetero¬ 
geneous  networks.  The  eHealth  package  includes  superior  reports 
and  an  amazing  breadth  of  recognized  and  supported  devices  to 
help  monitor  your  company's  WAN  links.  Its  four  modules  can  mon¬ 
itor  the  performance  and  availability  of  WAN  interfaces,  routers, 
switches,  frame-relay  circuits  and  remote-access  equipment.  Its 
System  Health  module  can  monitor  servers  and  clients  to 
alert  administrators  to  application  performance  problems,  server 
crashes  and  disk  space  shortages.  The  breadth  of  its  ability  to  rec¬ 
ognize  and  understand  more  than  900  management  information 
base  definitions  continues  to  amaze  us.  Its  Network  Health  module 
could  efficiently  and  accurately  collect  network  statistics  from 
DSU/'CSUs  on  our  WAN  links  (DocFinder:  9854). 


Adtran  N-Form  1.4 

We  liked  that  Adtran  added  traffic-shaping 
features  to  its  system.  When  you  combine  the  N- 
Form  software  with  Adtran's  IQ  7150  traffic¬ 
shaping  DSU/CSUs,  you  get  the  ability  to  recog¬ 
nize  application-specific  traffic  and  prioritize  the 
traffic  during  busy  periods  (in  addition  to  moni¬ 
toring  WAN  links  for  availability).  The  software 
could  recognize  more  than  300  different  kinds  of 
application-level  network  data  streams,  including 
Citrix  WinFrame,  HTTP  and  AOL  Instant  Mes¬ 
senger  traffic.  It  also  gave  us  frame  relay  met¬ 
rics  similar  to  Visual  UpTime,  but  without  as 
much  depth  (DocFinder:  9854). 


Network  Instruments  Observer  8.3 

The  version  we  saw  was  more  than  just  a 
protocol  analyzer  or  packet  decoder.  The  sys¬ 
tem  we  tested  could  accumulate  network 
activity  statistics  and  display  them  in  useful 
ways.  Along  with  the  vendor's  hardware  and 
software  probes,  Observer  could  collect  net¬ 
work  activity  statistics  from  the  probes  and 
poll  them  every  5  seconds  (by  default),  or 
even  every  2  seconds  if  you  wanted.  We  think 
this  is  the  perfect  tool  for  those  times  when 
you  might  need  to  drill  down  from  a  top-level 
summary  right  to  the  individual  problem  pack¬ 
ets  (DocFinder:  9854). 
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Winning  companes:  Airespace  and 
Aruba  Wireless  Networks _ 

Winning  products:  Airespace  AS4024 
and  Anita  5000  wireless  IAN  switches 


We ’re  still  not  sure  what  got  more  media  cov¬ 
erage  in  2003  —  was  it  Ben  and  J.  Lo  or  the  wire¬ 
less  LAN  switch?  (Hey,  what  magazines  are  you 
reading?)  For  those  who  were  reading  People, 
this  new  wireless  infrastructure  product  relies 
on  a  central  “switch"  that  can  regulate  features 
and  functions  of  access  points.  Several  new 
companies  launched  onto  the  network  scene  in 
2003  with  offerings. 


Aruba's  gear 
had  great 
security  and 
provisioning 
capabilities 
while 
Ai  respace's 
switch  had 
a  great 
combination  of 
performance 
and  manage¬ 
ment  features. 


When  we  completed  one  of  the  first  public, 
comparative  tests  of  this  new  class  of  products, 
we  declared  a  tie  between  Airespace’s  AS4024 
and  Aruba’s  5000  switches.The  Airespace  switch 
had  a  great  combination  of  performance  and 
management  features,  while  Aruba’s  gear  had 
great  security  and  provisioning  capabilities 
(www.nwfusion.  com,  DocFinder:  9855).  It  was 


too  difficult  for  us  to  declare  a  solid  winner  in 


this  space,  so  we’re  giving  both  products  our 
Best  of  the  Tests  Award. 


The  final  decision  for  your  company  should 
depend  on  whether  performance  and  manage¬ 
ment  of  the  product  is  more  important  than 
security  and  provisioning. 

For  Airespace,  the  product  achieved  maximum 
forwarding  rates  above  7M  bit/sec,  commonly 
understood  to  be  802.1  lb’s  theoretical  top  end. 


Airespace  attributes  the  high  rates  to  deliver-only 
point  coordination  functions  little-used  mecha¬ 
nism  in  the  802. 1 1  standard  that  allows  for  short¬ 
er  gaps  between  frames  than  those  in  the  more 
widely  used  distributed  coordination  function. 

“Airespace  has  the  fastest  and  most  tunable  ac¬ 
cess  points,  and  the  simplest  and  most  intuitive 
Web  interface,”  writes  Lab  Alliance  member 
David  Newman. 

For  Aruba,  the  5000  offered  the  most  compre¬ 
hensive  security  story“with  fine-grained  controls 
at  Layer  2  through  Layer  7,”  Newman  says. 

“Aruba’s  security  offerings  were  the  most  com¬ 
pelling,  from  its  own  VPN  client,  to  the  stateful 
firewall  on  its  switch,  to  its  ability  to  allocate 
bandwidth  on  a  per-user  basis.” 

Product  UPDATE _ 

In  December  2003,  Airespace  released  its  1200R  Remote  Edge  Access  Point, 
which  plugs  into  a  router,  gateway  or  cable  modem,  and  then  uses  a  modified 
version  of  its  proposed  Lightweight  Access  Point  Protocol  to  talk  to  the 
Airespace  4000  WLAN  switch.  The  1200R  can  download  from  the  switch  the 
appropriate  configuration  settings,  security  and  authentication  policies.  In 
November  2003,  Aruba  launched  the  Aruba  2400  Wi-Fi  switching  system,  a 
midrange,  centralized  WLAN  switch  aimed  at  “dense  building  environments.”  The 
2400  switch  complements  the  company's  800  switch  (branch  offices)  and  the 
5000  switch  (large  campus  networks). 

Watch  this  space:  Well  continue  to  see  more  wireless  "switches"  and  "routers” 
as  established  switch  vendors  get  into  the  market.  We  might  even  see  some  con¬ 
solidation  in  this  space  (we  wouldn't  be  surprised  to  see  an  acquisition  or  two). 
Ideally,  we’d  like  to  run  a  second  test  of  these  products  with  more  vendors  partici¬ 
pating.  Other  categories  in  the  802.11  world  are  emerging  and  we  plan  to  test 
products  in  each  area,  including  the  concept  of  mesh  networking  (Firetide,  Strix 
Systems),  ultralight  access  points  (Meru  and  Airflow),  and  smarter  antennas  (such 
as  Vivato  and  Bandspeed), 


Air  Magnet  AirMagnet  PDA 


Wild  Packets  AiroPeek  NX  and  RF  Grabber 


The  best  feature  of  AirMagnet’s  AirMagnet  PDA  application  was  that 
you  could  analyze  WLAN  traffic  while  walking  around  the  building  hold¬ 
ing  your  handheld.  With  some  of  the  other  analyzers  we  tested,  we  had 
to  use  bulky  notebooks.  While  notebooks  are  mobile,  they  can't  hold  a 
candle  to  a  small  handheld. 

The  AirMagnet  PDA  software  fit  the  bill  in  all  three  phases  of  WLAN 
analysis:  site  surveying,  access  point  deployment  and  troubleshoot¬ 
ing/auditing  once  the  system  is  set  up.  Making  good  use  of  an  HP  iPaq, 
the  system  had  a  strong  use  of  color  choices  and  understandable  icons 
that  made  us  rapidly  productive  with  the  tool.  When  we  grabbed  the 
AirMagnet  PDA  to  verify  the  testing  of  the  other  tools,  we  knew  we  had 
a  winner  (DocFinder:  9856). 


We  liked  this  product  for  having  a  long  list  of  com¬ 
patible  network  cards  —  in  addition  to  analyzing 
802.11b  networks,  the  product  could  monitor  802.11a 
and  802.11g  networks,  earning  high  marks  for  its 
WLAN  traffic  analysis.  The  RF  Grabber  option  gave  us 
an  impressive  access  point/remote  probe  that  acts 
like  a  probe  device  for  the  AiroPeek  NX  analyzer  appli¬ 
cation.  The  device's  strong  WLAN  monitoring  skills 
hover  above  other  analyzers  that  have  grafted  wire¬ 
less  analysis  onto  strong  protocol  analyzers 
(DocFinder:  9857). 


Network  Associates  Sniffer 
Wireless  PDA 

This  was  another  PDA-based  soft¬ 
ware  application  that  impressed  us 
for  features  that  you'd  expect  from 
a  Sniffer  product  —  packet 
decodes  and  expert  analysis.  Its 
stellar  packet  capture  and  decoding 
features  made  working  with  the 
product  a  joy.  Its  Expert  mode  lets 
users  get  a  rapid  idea  of  what  is 
going  on  in  the  wireless  network 
(DocFinder:  9856). 
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Winning  company:  IntraDyn 


Product 

UPDATE 


NetWOrkWorld02OO3  ^  product:  RocketVault 


In  November  2003,  IntraDyn 
launched  rack-mount  versions  of 
the  RocketVault,  in  1U  and  2U 
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Last  year  saw  three  themes  in  the  small-business 
technology  market:  back-up  and  data  protection, 
all-in-one  server  appliances  and  802.1  lg  wireless 
LANs. 

Our  winner  comes  from  the  first  area  —  back-up 
and  data  protection.  IntraDyn’s  RocketVault  im¬ 
pressed  us  for  its  ability  to  back  up  clients  and 
servers  automatically  and  send  specified  data  off 
site  (www.nwfusion.com,  DocFinder:  9850).  The 
shoebox-sized  device  includes  240G  bytes  of 


In  the  WLAN  space,  three  products  suitably 
impressed  us,  although  when  we  tested  them  the  final 
802.11g  standard  had  yet  to  be  finalized,  Still,  we  liked 
D-Link  Systems'  AirPlus  Xtreme  G  DI-624  four-port 
Wireless  Router  for  its  outstanding  performance  and 
range;  Belkin's  54g  Wireless  Cable/DSL  Gateway 
Router  for  its  ease  of  installation  and  management; 
and  Linksys'  WRT54G  Wireless-G  Broadband  Router 
for  its  consistency  across  different  wireless  modes 


(802.11b,  g  or  “mixed  mode"  b/g).  Other  products  that 
made  the  finalist  list  include  Microsoft's  Small  Business 
Server  2003,  a  substantial  improvement  over  SBS 
2000  that  should  satisfy  the  needs  of  small  offices 
with  multiple  PCs  but  no  central  file  server  or  IT  sup¬ 
port;  and  Toshiba's  Magnia  SG30  Wireless  Mobility 
Server,  an  all-in-one  appliance  that  wraps  server  func¬ 
tions,  backup,  WLAN  access  point  and  portal  access  in 
an  attractive  chassis, 


capacity  (up  to  IT  byte  on  higher 
models)  and  comes  close  to  pro¬ 
viding  enterprise-class  server 
back-up  automation  at  small-busi¬ 
ness  prices. 

“RocketVault  creates  a  new  cate 
gory  in  backup  products,”  writes 
Lab  Alliance  member  James 
Gaskin.  “Existing  tape  systems  are 
cheaper,  but  not  automatic.  Existing 

back-up  client  software  for 
sending  files  automatical¬ 
ly  to  servers  is  cheap,  but 
doesn’t  offer  offsite  stor¬ 
age.  RocketVault  com¬ 
bines  the  speed  and 
capacity  of  disk-based 
backup  with  the  secure 
offsite  storage  option  of 
tape.” 


sizes.  The  new  models  offer  Serial 
Advanced  Tape  Attachment  disk-to- 
disk  RAID  5  back-up  and  archiving 
technology,  and  range  in  storage 
capacity  from  640G  bytes  to  4T 
bytes,  Pricing  for  the  1U  starts  at 
about  S5,000,  with  the  2U  device 
starting  at  about  811,000. 
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Winning  company:  Apple 
Winning  product:  iSight  camera 

l\letWOrkWorldCS)2003  and  iChat  AV  software 


Product 

UPDATE 


Like  those 
BASF  TV  com¬ 
mercials, 
Apple  didn't 
make  the 
Webcam,  it 
made  it  better. 
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In  2002,  Apple  revolutionized  the  MP3  player 
market  with  its  iPod  music  player.  Apple  wasn’t 
the  first  company  to  produce  an  MP3  player,  it 
just  did  it  better. 

The  same  can  be  said  for  the  2003  Cool  Tools 
Best  of  the  Tests  Award  winner,  the  iSight  camera. 
Apple  wasn’t  the  first  company  to  make  a  Web¬ 
cam,  it  just  made  one  that’s  better  than  others 
we’ve  seen. 

Apple  is  well  known  for  style  and  design,  but  the 
technology  behind  the  camera  was  equally 
impressive.  A  Web  chat  over  a  broadband  connec¬ 
tion  (on  both  endpoints),  looked  and  sounded 
like  a  real-time  videoconference  with  equipment 


IBM  sent  us  the  impressive  ThinkCentre  s50,  the 
best  desktop  PC  we  saw  last  year.  The  s50  is  a  help 
desk  technician's  dream  —  the  desktop  is  a  “tool- 
less"  device  that  lets  a  user  change  components 
quickly  and  easily  without  the  use  of  a  screwdriver.  In 
the  handheld  device  space,  we  loved  the 
Palnv'Handspring  Treo  600,  the  first  "converged 


device"  that  truly  looked  and  acted  like  a  cell  phone, 
but  with  PDA  functionality  that  gave  us  serious 
thoughts  about  leaving  our  laptop  behind  on  our  next 
trip.  The  Palm  Tungsten  T3  PDA  was  the  best  PDA 
that  didn't  have  wireless  LAN  functionality  in  it.  We 
loved  the  convergence  of  a  cable  modem  and  a  wire¬ 
less  gateway,  in  the  Netgear  CG814. 


that  costs  thousands  of  dollars.The 
camera  connected  to  our  Mac¬ 
intosh  laptops  via  FireWire,  which 
helps  improve  picture  quality 
when  streaming.  The  camera  also 
does  auto-focus  the  right  way  — 
with  other  Webcams  we  spent  a  lot 
of  time  trying  to  adjust  the  focus 
manually  to  sharpen  the  picture. 

The  system  is  proprietary  at  the 
moment  —  to  get  the  outstanding  quality  video 
you  and  the  person  with  whom  you’re  chatting 
have  to  be  connected  to  Macintoshes.  But  you  can 
use  the  camera  with  other  software  to  do  chats 
with  people  in  the  Windows 
world  who  have  “regular” 
Webcams.  If  Apple  can  take 
that  technology  and  pro¬ 
duce  a  Webcam  that  works 
on  a  Windows  machine,  then 
it  could  take  over  this  market 
as  well  (DocFinder:  9877). 


At  the  time  we  tested  the  sys¬ 
tem,  it  was  in  beta,  as  was  the 
iChat  AV  software.  Both  products 
are  shipping  now,  and  iChat  AV 
(the  software  that  works  best  with 
the  camera)  is  included  with  Mac 
OS  X  (aka  Panther),  but  you  also 
can  buy  the  software  for  S29.95. 
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Network  World  Lab  Alliance 
members  share  their  secrets 
for  conducting  meaningful 
product  tests. 

By  Paul  Desmond 


DAN  PAGE 


tips 


Testers  best 

inding  the  products  that  will  best  fit  in  your  network  is  a  multi¬ 
faceted  process  that  involves  scanning  vendor  Web  sites, 
devouring  white  papers,  attending  trade  shows  and  reading 


trade  publications. 

But  once  you  come  up  with  a  short  list,  you 
might  find  that  conducting  a  product  test  is  the 
only  way  to  make  your  final  decision. 

Product  testing  is  something  of  an  art,  as  we  con¬ 
firmed  after  polling  the  14  members  of  the  Net¬ 
work  World  Lab  Alliance  for  tips  on  their  trade.The 
lab  alliance  is  the  group  of  industry  experts  that 
conducts  the  product  reviews  you  read  each  week 
in  Network  World.  For  this  special  issue,  Lab 
Alliance  members  offer  advice  for  your  testing 
efforts  that  includes  how  to  develop  sound  meth¬ 
odologies,  acquire  the  gear  you’ll  need  and  run 
tests  that  yield  accurate  results. 


A  valid  test  must  meet  three  requirements,  says 
David  Newman,  president  of  Network  Test  in  West- 
lake  Village,  Calif.:  It  must  be  repeatable,  stressful 
on  the  equipment  or  software  under  test,  and 
meaningful. The  last  criterion  is  the  most  difficult 
to  achieve,  he  says,  but  the  secret  is,  “Test  like  you 
deploy  and  deploy  like  you  test.” 

While  that  might  seem  like  a  tall  order,  the  good 
news  is  that  enterprise  tests  don’t  need  to  produce 
piles  of  data  to  be  useful, says  Joel  Snyder, principal 
with  Opus  One  in  Tucson,  Ariz.  For  example,  a  VPN 
test  only  needs  to  focus  on  two  sets  of  numbers: 
performance  using  your  typical  mix  of  packet  sizes 


and  traffic  types,  and  performance  under  a  “worst- 
case”  scenario,  with  peak  traffic  loads. 

A  method  to  the  madness 

Running  a  test  that  will  get  you  meaningful 
results  starts  with  creating  a  sound  test  methodol¬ 
ogy  Before  devising  a  methodology  talk  to  peers 
within  and  outside  your  organization  about  how 
the  product  will  be  used  and  what  features  are 
most  important,  lab  alliance  members  say 

Product  vendors  are  another  good  source  of 
methodology  information. “More  than  once,  feed¬ 
back  from  vendor  engineers  has  stopped  us  from 
doing  something  really  stupid,”  Newman  says,  not¬ 
ing  that  any  vendor’s  attempt  to  spin  a  test  in  its 
favor  is  typically  transparent.  He  also  says  the  IETF 
Benchmarking  Methodology  working  group  is  a 
good  source  for  methodologies  and  the  Coop¬ 
erative  Association  for  Internet  Data  Analysis  for 
measurement, performance  monitoring,  workload 
and  other  tools. 


EQUIPMENT 

ESSENTIALS 

Asked  to  name  what 
lab  equipment  they  con¬ 
sidered  essential,  many 
Lab  Alliance  members 
mentioned  tools  from 
test  equipment  vendors 
such  as  Empirix,  Fluke, 
boa  and  Spirent  But  we 
also  got  some  creative 
answers  including  these. 


Joel  Snyder,  Opus  One: 

•  A  Microsoft  Developer  Network  sub¬ 
scription,  for  access  to  Microsoft  products. 

•  Cisco  SmartNET  support  service,  vital 
in  the  network  business. 

•  A  good  networked  KVM  system, 

enabling  control  of  many  computers  from  a 
single  console. 

•  VMware  virtual  machine  software, 

enabling  one  server  to  emulate  up  to  10 
servers. 

•  Symantec  Ghost,  to  distribute  a  single  PC 
image  to  many  machines. 


•  Color-coded  patch  cables,  with  the 
length  marked  on  each  end. 


David  Newman, 
Network  Test: 

•  Web  Polygraph: 

mimics  a  large 
number  of  clients 
making  requests 
of  a  Web  server 
through  a  cache, 
fortesting  proxy 
caches. 

•  Tcpdump:  a  tool 
for  capturing  net¬ 
work  traffic. 

•  Ethereal:  a 

graphical  protocol 
analyzer. 


Greg  Goddard,  EDS: 

•  Iperf:  for  measuring  TCP 
and  UDP  bandwidth 
performance. 

•  NIST  Net:  IP  network  emu¬ 
lation  software  from  the 
National  Institute  of 
Standards  and  Technology. 


Mandy  Andress, 

ArcSec  Technologies: 

•  For  security  tests,  you  need 
lots  of  different  operating 
systems  and  applications 
that  are  full  of  vulnerabilities, 
along  with  a  packet  generator. 


Thomas  Powell,  PINT: 

•  A  variety  of  TCP  and 
HTTP  inspection  tools 

come  in  handy  for  moni¬ 
toring  Web  application 
traffic.  “I  find  HTTP 
level  monitors  like 
[Simtec's]  HttpWatch 
that  plug  into  Internet 
Explorer  particularly 
useful.  Similar  tools  for 
Mozilla  are  also  helpful." 
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Network  World  Lab 
Alliance 


Mandy  Andress,  president, 
ArcSec  Technologies 


Focus  area:  Security 
software. 


John  Bass,  technical 
director,  North  Carolina  State 
University  Centennial 
Networking  Lab 

Focus  areas:  Midrange 
switches,  server  hardware. 


Travis  Berkley,  supervisor 
for  LAN  support  services, 
University  of  Kansas 

Focus  areas:  Messaging, 
collaboration. 


Jeffrey  Fritz,  director  of 
enterprise  network  services, 
University  of  California,  San 
Francisco 

Focus  areas:  High-end 
switching. 


James  Gaskin,  principal, 
Gaskin  Consulting 

Focus  area:  Small 
office/home  office  products. 


Greg  Goddard,  testing 
consultant,  EDS 

Focus  areas:  Compression. 
QoS.  route  optimization. 


Ed  Mier,  founder  of  the  Miercom  testing  firm  in 
Princeton  Junction,  N. I,  says  vendors  “provide  ex¬ 
cellent  insight,  intelligence  and  feedback  about 
what  to  look  for  in  the  particular  product  class,” 
often  by  pointing  out  a  competitor’s  weaknesses. 

ISPs  and  carriers  also  can  prove  to  be  valuable 
resources  when  developing  methodologies,  says 
Thomas  Henderson,  managing  director  of  Ex- 
tremeLabs  in  Indianapolis. 

Setting  up  the  lab 

With  methodology  in  hand,  the  next  step  is  to 
create  a  lab  environment  that  mimics  what  the 
product  will  experience  in  your  production  net¬ 
work.  The  goal  is  to  create  a  high-density,  high- 
capacity  environment,  Newman  says.  “You  want 
the  test  to  be  bigger,  stronger  and  faster  than 
whatever  it  is  you’re  testing,”  he  says. 

In  some  cases,  you  might  even  want  to  use  the 
production  network  when  running  tests,  says 
Jeffrey  Fritz,  director  of  enterprise  network  ser¬ 
vices  at  the  University  of  California, San  Francisco. 
“We  set  up  devices  in  the  lab  and  work  with  them 
for  a  while,  until  we  know  they’re  fairly  safe,  then 
connect  the  lab  network  to  the  production  net¬ 
work,”  says  Fritz,  who  tests  high-end  switches  for 
Network  World. 

Christine  Fterey  president  of  Perey  Research 
&  Consulting  in  Placerville,  Calif.,  fol¬ 
lows  much  the  same  tack  when  test¬ 
ing  collaboration  tools.  In  her  lab, 
she  has  gear  that  might  be 
found  in  a  branch  office.  For 
the  enterprise  view,  she  lever¬ 
ages  connections  with  large 
companies  or  academic  in¬ 
stitutions. 

Henderson  uses  an  ISP’s  net¬ 
work  operations  center  for  cer¬ 
tain  tests,  a  strategy  he  said  enter¬ 
prise  users  might  likewise  be  able  to 
employ  “In  some  cases,  they’re  very 
interested  in  test  outcomes,”  Henderson  says, 
citing  a  wireless  equipment  test  he  conducted  last 
year.  Universities  also  might  be  willing  to  play  ball 
on  tests  with  user  organizations,  he  notes.  “Some 
universities  have  a  diverse  infrastructure  that  mim¬ 
ics  those  in  industry  meaning  they  didn’t  buy  all 
the  same  equipment  on  the  same  dayf’he  says. 

If  you  want  to  conduct  the  test  on  your  own, you 
likely  will  find  it  tougher  to  acquire  necessary 
equipment  than  do  Lab  Alliance  members. 
Vendors  of  test  equipment  such  as  traffic  genera¬ 
tors  will  offer  up  their  gear  free  of  charge  for  a 
mention  in  a  published  review,  but  you  likely 
won’t  have  that  luxury  (unless, of  course, you  want 
to  partner  with  Network  World  and  agree  to  dis¬ 
close  your  test  results,  in  which  case  Lab  Alliance 
Director  Christine  Burns  would  be  happy  to  talk  to 
you).  On  the  other  hand,  a  number  of  free  open 
source  tools  are  available  for  tasks  such  as  testing 
proxy  caches  and  capturing  network  traffic  (see 
“Equipment  essentials,”  page  71). 

To  acquire  other  equipment  for  your  test  lab, 
such  as  servers,  switches  and  routers,  several  Lab 
Alliance  members  recommend  eBay  and  net¬ 
work  hardware.com.  “We  buy  almost  everything 
we  can  on  eBa^’ Snyder  says.  The  key  is  to  start 
early  “If  you’re  patient,  you  can  always  get  a  great 
deal,” he  says.  He  cites  the  four  Extreme  Networks 


Summit  48  switches  he  bought  for  $500  to  $600 
apiece,  much  less  than  the  “Buy  it  now”  price  of 
$900  to  $1,200. 

Quality  results 

When  it  comes  to  running  the  actual  tests,  ad¬ 
vice  from  Lab  Alliance  members  is  as  varied  as 
the  types  of  products  they  test.  But  when  asked 
how  many  times  they  generally  run  a  test  to  en¬ 
sure  accurate  results,  their  answers  were  surpris¬ 
ingly  consistent: Three  times  is  the  charm. 

Mier  says  he  likes  to  test  three  times  or  use  three 
different  testers.  Henderson  runs  at  least  three  iter¬ 
ations  of  performance  tests  to  ensure  results  are 
consistent  and  will  scrap  a  test  entirely  if  he  can’t 
get  the  results  to  fall  within  a  5%  margin  of  error  in 
terms  of  consistency 

“We  do  everything  we  can  at  least  three  times 
in  a  row  and  hopefully  repeat  all  tests  separated 
by  a  day  and  in  a  different  order.  If  the  tests  agree, 
then  at  least  you  know  you’ve  got  repeatability 
Snyder  says.  He  points  out  that  this  does  not  nec¬ 
essarily  mean  you’ve  learned  anything  about  the 
product.  Accomplishing  that  gets  back  to  paying 
attention  to  the  methodology  to  ensure  you’re 
considering  how  the  product  will  be  used  in  the 
production  network.  “Firewalls,  or  any  security 
product,  are  excellent  examples.  The  test 
gear  is  totally  clean,  and  the  test  is 
repeatable.  The  real  world  doesn’t 
behave  that  way  he  says. 

When  Snyder  tested  anti¬ 
spam  products  several 
months  ago,  he  used  an  actu¬ 
al  feed  of  e-mail  traffic  rather 
than  the  “canned”  spam  sev¬ 
eral  vendors  wanted,  which 
consisted  of  older,  well-known 
spam  (www.nwfusion.com, 
DocFinder:  9821).  “The  benefits 
of  using  the  feed  we  did  out¬ 
weighed  the  lack  of  repeatability  he 
says.“That’s  the  only  time  I  can  remember  say¬ 
ing  a  non-repeatable  test  was  acceptable.” 

Unlike  the  number  of  times  you  should  run  a 
test,  Lab  Alliance  members  had  varied  opinions 
on  the  length  of  time  a  test  should  run,  again  re 
fleeting  their  specialties.  Router  performance  can 
be  measured  in  as  little  as  30  to  60  seconds,  New¬ 
man  says,  although  tests  of  services, such  as  for  ISP 
backbones,  run  “in  the  wild”  for  at  least  30  days. 
Fterey  runs  tests  on  multimedia  equipment  for  at 
least  eight  hours.  Thomas  Powell,  founder  of  San 
Diego  Web  development  firm  PINT, says  his  tests  of 
Web  site  management  and  security  products  usu¬ 
ally  run  a  day  or  two.  However,  he  says  problems 
typically  crop  up  early. 

Snyder  begged  off  the  question,  but  he  did  have 
a  tip  on  getting  through  late-night  sessions:  “We 
have  adequate  stocks  of  Jack  Daniels, a  pair  of  950 
watt  amplifiers,  four  studio  monitor  speakers  and 
a  five-disk  CD  player’’ 

Desmond  is  president  of  PDEdit  ( www.pdedit . 
com),  an  IT  publishing  firm  in  Framingham,  Mass. 

Test  taboos.  Go  online  for  advice  from  our  Lab  Alliance  members 
on  how  to  avoid  the  most  common  testing  mistakes. 

DocFinder:  9866 
www.nwfusion.com 


Thomas  Henderson, 

managing  director, 
ExtremeLabs 

Focus  areas:  Operating 
systems,  low-end  storage, 
wireless. 


Ed  Mier,  founder,  Miercom 
Focus  areas:  VoIP  and  storage. 


Barry  Nance,  independent 
consultant 


Focus  areas:  WAN  and  LAN 

network  management. 


David  Newman,  president, 
Network  Test 

Focus  areas:  High-end 
network  gear,  some  security 
products. 


Christine  Perey,  president, 
Perey  Research  &  Consulting 

Focus  areas:  Video, 
collaboration. 


Thomas  Powell,  founder,  PINT 

Focus  areas:  Web  site 
management  and  security. 


Joel  Snyder,  principal, 
Opus  One 


Focus  areas:  VPNs,  intrusion 
detection,  intrusion  prevention, 
anti-spam,  wireless  security. 


Rodney  Thayer,  principal 
investigator,  Canola  &  Jones 


Focus  areas:  Intrusion  detec¬ 
tion,  intrusion  prevention,  VPNs. 


Qp'Si 

3Com 


Make  the  Decision  Today 
That  Will  Be  the  Right 
Decision  Tomorrow 

Introducing  the  3Com ®  Router  3000  and  5000 
Families  for  small  and  medium  enterprises 


In  these  days  of  slashed  IT  budgets  and  reduced  headcount,  you 
don't  get  a  second  chance  to  make  the  right  network  decisions. 
A  router  choice  that  makes  sense  now  won't  make  sense  when 
extra  money  and  manpower  are  needed  for  upgrades  when  your 
enterprise's  needs  grow.  Fortunately,  3Com  eliminates  router 
guesswork. 

No  other  router  in  this  class  can  beat  the  number  of  software 
features  and  amount  of  memory  shipped  standard  with  the 
3Com  Router  3000  and  5000  families.  They  integrate  seamlessly 
into  existing  networks,  include  full  VPN  and  security  support, 
and  won't  need  any  costly  upgrades  down  the  road. 


3Com  Router 
3000  Family 


3Com  Router 
5000  Family 


The  company  that  invented  Ethernet  is  now  the  single  point  of 
contact  for  complete  end-to-end  network  solutions.  Trade  up 
now  to  get  a  15%  rebate.  Visit  www.3com.com/WAN4 
to  learn  more  about  3Com  routers  and  the  trade  up  program. 
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Void  where  prohibited.  This  promotion  may  be  altered  or  canceled  at  any  time 
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f«f 


I  can  fix  it  from  here 
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Only  Avocent  centralizes  local  and  remote  control  of  servers  and 
serial  devices  in  your  data  center,  all  from  a  single  screen 


Emergency  phone  calls  from  your  remote  data  center?  No  problem.  With  the  Avocent  DS  Series, 
you  can  access  and  control  any  data  center  device,  right  from  your  desktop.  Whether  it’s  the 
server  down  the  hall,  the  router  across  town  or  the  power  device  in  another  country...  you  can 
control  it  all  with  Avocent. 

Our  DSView™  management  software  centralizes  authentication  for  multiple  users,  integrates 
power  management,  and  lets  you  control  your  entire  data  center,  all  from  a  single  screen. 

Anytime.  Anywhere. 

The  Power  of  Being  There 

Download  your  free  white  paper  at  www.avocent.com  or  call  1-866-286-2568  for  details  on 
how  the  Avocent  DS  Series  gives  you  CLICK  AND  CONNECT™  local  and  remote  data  center 
control  over  IP. 


Avocent 


Avocent.  the  Avocent  logo,  DSView,  Click  and  Connect  and  The  Power  of  Being  There  are  trademarks  or  registered  trademarks  of  Avocent  Corporation.  Copyright  ©  2004  Avocent  Corporation 
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In  their  own  words,  four  readers  tell  us  about 
the  network  products  they  love  best  -  from  the 
decades-old  to  the  brand  new.  By  Beth  Schultz 


Grady  Meeks,  director  of  information  systems  and  services 

Stephen  Ralston,  manager  of  ISS,  city  of 

(ISS),  city  of  Daytona  Beach,  Fla. 

Daytona  Beach 

Years  in  networking:  14 

Years  in  networking:  6-plus 

His  favorite:  802.11b-based  wireless  LAN  access  points 

His  favorite:  ArcIMS 

Vendor:  Airespace 

Vendor:  ESRI 

Police  officers  already  have  wireless  access  to  applications  [over  a  General  Packet 
Radio  Service  network]  they  use  to  provide  public  safety  services,  but  we  wanted  to 
give  them  even  better  tools.  Public  safety  is  a  huge  concern  for  Daytona  Beach, 
especially  during  major  events  such  as  the  Daytona  500,  Bike  Week  and  Spring 
Break.  Wireless  networks  are  great,  but  they  have  security  issues. 

Security  was  the  nice  thing 
about  the  Airespace  system.  Aire- 
space  allows  separation  be¬ 
tween  the  access  point  and  the 
server  appliance,  providing  wire¬ 
less  intelligence  while  minimiz¬ 
ing  maintenance  costs  due  to  in¬ 
clement  weather  and  lightening 
strikes.  It  provides  separate  and 
secure  networks  (virtual  LANs) 
with  priority  controls,  and  it  has  built-in  security  that  is  compatible  with  the  city’s 
Windows  2003  domain  and  provides  single-point  logon  for  seamless  connectivity. 

We  will  equip  120  traffic  cabinets,  which  have  fiber,  with  Airespace  wireless  access 
points.  An  existing  NetMotion  server  will  determine  the  fastest  available  route  back 
to  the  city’s  network.This  will  allow  public  safety  officers  to  benefit  from  the  current 
45K  bit/sec  GPRS  network  available  citywide  and  the  new  802.11b  wireless  net¬ 
work,  which  will  give  them  access  speeds  up  to  1 1 M  bit/sec  within  a  half-mile  radius 
of  the  access  points. 

This  tool  not  only  will  take  care  of  the  main  focus  on  public  safety,  but  also  will 
ultimately  serve  every  other  department  in  the  city.H 


Airespace  wireless  LAN  switches  and  access  points  are  allowing 
communications  among  public  safety  officers  in  Daytona  Beach. 


This  tool  provides  a  way  of  bringing  a  geographical  information  sys¬ 
tem  to  a  Web  server  and  spatially  presenting  the  information.  For 
example,  if  you  wanted  to  know  where  all  the  traffic  cabinets  are  in 
the  city  we  could  give  you  a  list  of  them,  or  we  could  plot  them  geo¬ 
graphically  and  place  them  on  a  map.This  is  a  great  integrator  of  data. 


3  Oklahoma  City  fr.onomit  Development  Information  System  . 
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Among  other  benefits,  ESRI’s  ArcIMS  tool  lets  the  city  of  Daytona  Beach 
provide  aerial  overviews  to  firefighters. 
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We  are  concentrating  on  this  as  a  tool  for  the  fire 
department.  We  took  ArciMS  and  built  a  Web  serv¬ 
er  off  of  it.The  fire  department  can  look  at  all  calls 
in  a  narrative  display  to  find  out  where  a  call  is  tak¬ 
ing  place  and  the  principals  involved.Then  they  go 
to  ArciMS  and  see  where  the  call  is  taking  place, 
with  a  500-ft.  buffer  around  the  call. 

ArciMS  will  show  all  the  streets  and  give  an  aer¬ 
ial  overview,  plus  show  where  the  nearest  fire 
hydrants  are  and,  as  we  gather  more  data,  where 
hazardous  materials  are  stored.  The  idea  is  to 
remove  all  surprises. 


This  also  works  with  development  services,  for 
the  plotting  of  water  mains,  electrical  systems,  zon¬ 
ing,  etc.The  tool  helps  us  address  the  challenges  we 
face  with  a  lot  of  people  coming  up  for  retirement 
—  there  is  a  lot  of  information  on  the  city’s  infra¬ 
structure  in  peoples  heads  and  on  old  blueprints. 
Before  we  have  this  exodus  of  knowledge,  were  try¬ 
ing  to  get  everything  in  a  geographical  information 
system  so  we  can  layer  on  top  of  that.  We  wanted 
something  that  we  can  use  citywide,  for  every 
department.So  far, we’ve  probably  only  done  about 
20%  of  what  we  can  with  this  tool.B 


“ArciMS  will  show  all  the  streets  and 
give  an  aerial  overview,  plus  show  where 
the  nearest  fire  hydrants  are  and,  as  we 
gather  more  data,  where  hazardous 
materials  are  stored.  The  idea  is  to 
remove  all  surprises. " 

Stephen  Ralston 

Manager  of  ISS,  city  of  Daytona  Beach 


Fred  Wettling,  infrastructure  architect,  Bechtel 


Years  in  networking:  20-plus 
His  "old"  favorite:  Sniffer 
Vendor:  Network  General 

This  choice  goes  back  to  when 
Network  General  first  came  out  with 
Sniffer,  back  in  the  DOS  days. 
(Thinking  about  it  is  so  funny  —  the 
first  Sniffer  I  got  was  not  really  even 
a  true  laptop.  It  came  without  a  bat¬ 
tery;  it  was  a  flip-up  type  device  with 
a  plasma  screen.)  Other  vendors 
had  products  that  let  you  analyze 
network  packets  in  detail,  but 
Network  General  was  an  innovator 
and  established  a  market  position 
that  has  held  up  over  the  years.  If  I 
couldn’t  have  a  Sniffer  [now  from 


Of  all  products  Bechtel's  Fred  Wettling  has  worked 
with  over  the  last  two  decades,  the  good-old  Sniffer 
remains  his  all-time  favorite. 


Network  Associates] ,  I’d  have  to  find 
another  product  that  could  provide 
the  same  level  of  information.  It  lets 
me  take  a  look  at  the  aggregate  traf¬ 
fic  on  the  wire  itself. 

Some  of  the  more  recent  work 
we’ve  done  with  Sniffer  is  in  the  area 
of  application  profiling  and  applica¬ 
tion-network  impact  analysis  in  con¬ 
junction  with  other  tools.  For  exam¬ 
ple,  two  years  ago  we  were  going  to 
consolidate  HR  information  into 
one  data  center,  but  we  didn’t  know 
how  this  would  affect  the  network. 
So  we  took  a  distributed  Sniffer  and 
set  up  a  test  lab  where  we  could 
measure  [about  20  major]  transac¬ 
tions  at  multiple  points  throughout 
their  paths  between  the  Web  server 
and  the  application  server.  We  ran 
the  transactions  and  analyzed  the 
data  measured  in  aggregate.  We 
could  determine  what  performance 
would  be  and  find  where  the  real 


bottlenecks  would  be  —  and  be 
able  to  tell  that  to  the  application 
people.  Something  that  can  be  put 
on  the  wire  is  absolutely  critical  for 
this  kind  of  work  because  it  allows 
the  technician  and  analysts  to  really 
understand  what’s  happening  on 
the  network.  The  guesses  are  gone 
and  the  collected  information  can 
be  used  to  make  sound  decisions. 


His  "new"  favorite:  VPNs 
Vendor:  Cisco 

We  initially  used  IP  Security-based 
VPNs  for  remote-user  broadband 
access  to  Bechtel’s  network.  But 
over  the  last  couple  of  years  we’ve 
been  dumping  our  frame  relay  cir¬ 
cuits  as  fast  as  we  can  and  moving 
to  a  VPN  WAN.  Most  of  our  major 
offices  have  been  cut  over  already 
and  a  lot  of  the  smaller  offices  and 
project  sites  have  been  running 
VPN  technology  for  a  while  now. 
Bechtel  is  mainly  a  Cisco  shop, so  if 
we’re  connecting  Cisco  to  Cisco  it’s 
great.  But  even  if  we’re  connecting 
to  an  employee  at  home  or  a  busi¬ 
ness  partner  that  doesn’t  use  Cisco 
equipment,  since  we’re  basing  our 
connection  on  an  interoperable 
standard  it  works. 

Now  we’re  in  the  process  of  doing 
some  beta  work  for  Cisco  on 
[Secure  Sockets  Layer]  VPNs,  in  con¬ 
junction  with  some  of  its  VPN  termi¬ 
nators.  Bechtel  basically  builds  and 
fixes  big  industrial  things,  like  a  new 
[airport]  terminal  or  cleaning  up 
some  big  mess.  We  have  several 
offices  where  we  do  a  lot  of  engi¬ 
neering  work,  but  basically  we’re  a 
project-oriented  company.  We  need 
to  be  able  to  mobilize,  to  put  people 
in  the  field,  and  we’re  constantly 
opening  and  closing  offices  and 
sites.  With  this  VPN  technology  we 
can  get  everyone  connected  with  a 
level  of  performance  that  allows 
them  to  do  their  jobs.  We  can  set  up 
an  office  in  a  hotel,  for  example, 
even  if  we  don’t  have  time  to  order  a 
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point-to-point  connection.VPN  tech¬ 
nology  in  such  volatile  environ¬ 
ments  is  interesting  to  us. 

Our  overall  objective  is  to  improve 
performance,  reduce  costs  and  sim¬ 
plify  by  reducing  the  number  of  mov¬ 
ing  parts.  As  you  move  to  Windows 
XPfor  example,  you  can  use  a  native 
Windows  VPN  connector  —  that’s 
the  level  of  simplification  I’m  talking 


about,  where  you  don’t  have  to 
deploy,  manage  and  upgrade 
throughout  your  environment. 

VPN  lays  the  foundation  for  con¬ 
verged  services  over  the  WAN.  It 
offers  reduced  latency  and  im¬ 
proved  performance  compared  to 
frame  relay  circuits,  and  gives  us 
WAN  cost  savings.  A  new  level  of 
agility  is  available  to  Bechtel.  ■ 


Proxim  Tsunami  QuickBridge  11 

>  Eliminates  the  need  for  costly  leased  line  or 
cable  alternatives 

>  Pre-configured  for  easy  and  quick  deployment 

>  All-in-one  box  solution  includes  surge  arrestors, 
cables  and  antennas 

>  Upgradeable  to  a  point-to-multipoint  solution, 
by  adding  Tsunami  MP.11  Subscriber  Units 
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3Com  Wireless  LAN  Access  Point  8750 

>Dual  mode  802.11a/802.11g  access  point  supports 
more  wireless  clients  within  the  same  coverage  area 
>  Upgradeable  platform  for  configuration  flexibility 
and  investment  protection 
>WEP  RC4  40/64  bit,  128  bit  and  154-bit 
shared-key  encryption 

^  ^869.00 

oUUIIi  CDW  544515 


D-Link  DI-624  XtremeG™  Wireless 
Router  Bundle 

>  Share  and  access  your  broadband 
Internet  connection 

>  High-speed  108Mbps  router  up  to  15x  faster 
than  802.11b 

>802.11g  and  802.11b  -  compatible 
>Easy  installation 


D-Link 


S99.001 

CDW  569040 


CDW.com  -800.780.4CDW 


‘After  mail-in  manufacturer  rebate,  offer  ends  3/31/04.  Customer  understaids  that  CDW  is  not  the  manufacturer  of  the  products  purchased  by  customer  hereunder  and  the  only  warranties  offered  are  those  of  the  manufacturer,  not  CDW.  All  pricing  is  subject  to  change.  CDW  reserves  the  right  to  mate  adjust 
ments  to  pncing.  products  and  service  offerings  for  reasons  induding.  but  not  limited  tct  changing  market  conditions,  product  discontinuation,  product  unavailability,  manufacturer  price  changes  and  errors  in  advertisements.  All  orders  are  subtea  to  produa  availablity.  therefore,  CDW  cannot  guarantee  that  it  wrl! 
be  able  to  fulfill  customer's  orders.  The  terms  and  conditions  of  sale  are  limited  to  those  contained  herein  and  on  CDWS  Web  Site  at  CDW.com.  Notice  of  objection  to  and  rejection  of  any  additional  or  different  terms  in  any  form  delivered  by  customer  is  nereby  given.  ©  2004  CDW  Corporation  NW/NC  2/04 
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Charles  hetcher,  CIO,  Delaware  State  University _ 

Years  in  networking:  20-  plus _ 

His  favorite:  HiPath  Sicurily  Card,  a  smart  card  system  that  includes  a  metadirectory  suite 
Vendor:  Siemens  Information  and  Communication  Networks 


We  began  looking  at  smart  card  solu¬ 
tions  prompted  by  changes  in  the  infor¬ 
mation  that  one  needs  to  carry  on  a  card. 
For  years,  we  had  used  students’  Social 
Security  numbers  on  their  ID  cards,  which 
we  now  know  is  a  privacy  violation  and 
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Technology  for  Life  Sciences  &  Healthcare 

Bio  IT  World 

CONFERENCE+EXPO 


Bio*IT  World  Conference  +  Expo™  will  enable  you  to 
discover  the  latest  technology,  network  with  industry  leaders 
and  learn  how  to  accelerate  your  research  and  development 
through  the  use  of  IT,  informatics  and  life  science 
technologies  across  the  entire  life  sciences  R&D  value  chain. 


Conference:  March  30  -  April  1, 2004 
Expo:  March  30  -  April  1, 2004 
Hynes  Convention  Center  •  Boston,  MA 


fctasrf* 

Fe6'y*y  27 

ytos® 


Benefit  from  these  exciting,  new  event  highlights: 


©  ^Haal»h!TW Ml  —  a  special  eo-located  Conference  +  Expo  dedicated 
y  ncdllil  1 1  ViUriU  to  the  enabling  technologies  in  outcomes-based  medicine, 

healthcare  informatics,  IT  infrastructure  and  healthcare 
management  systems 

®  Expanded  &  ln-Depth  Education  —  developed  in  conjunction  with  leading  industry 
partners:  Bio-IT  World  magazine,  Thomson  CenterWatch,  Medical  Records  Institute  (MRI) 
and  IDG  Ventures 

©  Ernst  &  Young  Venture  Summit  —  hosted  by  IDG  Ventures 

®  Technology  Showcase  Demonstrations  —  learn,  evaluate  and  compare  products  in 

this  interactive  setting 

©  Focused  Workshops  —  providing  a  detailed  and  topic-centric  learning  experience 

©  Biotech  Tuesday  Networking  Event 


Technology  for  Healthcare 


Cornerstone  Sponsor 


Platinum  Sponsors 
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EMC2 


Gold  Sponsor 
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Silver  Sponsor 
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Flagship  Media  Sponsor 

BiofT  World 


Exceptional  Keynotes 


DR.  GEORGE  POSTE 
CEO.  Health  Technology 
Networks 

(former  R&D  head,  SKB) 


DR.  SUSAN  L.  LINDQUIST 
Director.  Whitehead  Institute 
for  Biomedical  Research, 

Professor  of  Biology,  MIT 


MICHAEL  C.  RUETTGERS 

Executive  Chairman 

EMC 


VICE  ADMIRAL  RICHARD 
H.  CARMONA.  M.D..  M.P.H., 
F.A.C.S.  (INVITED) 

United  States  Surgeon 
General  Commander  USPHS 
Commissioned  Corps,  U.S.  Dept, 
of  Health  and  Human  Services 

STEVEN  H.  HOLTZMAN 

Founder;  President  &  CEO 

Infinity  Pharmaceuticals 


Media  A  Content  Sponsors 


.dtmmsss  PEOPLE  VBioresaorA  Online  uukhkm*;  WIDC  bio.com---.-  NetWOlkWwId 

WDG  Ventures  technology  nature  — 
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WORLD  EXPO 


www.bio-itworldexpo.com 

SPONSORSHIP  &  EXHIBITING  OPPORTUNITIES  ARE  NOW  AVAILABLE 

Please  call  Don  Rosette  at  508-424-4854  or  don  rosette@idg.com  for  more  information. 


an  identity  theft  problem.  Students  also 
had  to  carry  two  cards  —  one  a  picture  ID 
and  one  for  physical  access  to  residence 
halls.  So  here  we  had  this  unique  oppor¬ 
tunity  to  combine  two  cards  into  one  plat¬ 
form  and  to  do  interesting  things  with 
identity  management. 

We  actually  ended  up  combining  five 
separate  platforms  on  the  card.  We  use  a 
magnetic  strip  for  a  legacy  application 
that  acts  like  an  account-debit  system  for 
meals  and  the  bookstore.  We  have  a  bar 
code  for  use  with  the  library  system.  A 
magnetic  antenna  provides  for  physical 
access  to  residence  halls,  computer  cen¬ 
ters,  labs,  etc.  The  system  also  records 
who  tries  getting  in  and  at  what  time,  so 
this  makes  for  excellent  security.  (The 
police  chief  just  loves  it,  since  computer 
theft  on  campuses  had  been  a  problem.) 
The  fourth  technology  is  a  memory  chip. 
The  cards  can  be  inserted  in  a  card  read¬ 
er  device  on  a  computer,  and  after  enter¬ 
ing  a  four-digit  PIN,  the  user  gets  access  to 
appropriate  resources.  For  example,  I  get 
access  to  my  budget  information,  the 
directory  database,  student  data  files  for 
the  class  I  teach.We  don’t  need  username 
or  password,  just  the  PIN,  so  this  provides 
identity  management.  The  other  technol¬ 
ogy  we  have  on  the  card  is  a  contactless 
antenna,  for  an  e-purse  application  that 
we’re  working  on  with  the  Department  of 
Transportation.  We  want  to  provide  stu¬ 
dents  a  cashless  way  to  ride  trains.  We’ve 
done  our  part;  now  we’re  just  waiting  for 
the  state  to  install  the  card  readers. 

The  metadirectory  is  the  core  piece. 
Student  ID,  financial  aid,  meal  databases, 
the  lock  system  —  this  information  is  all 
stored  on  different  servers.  The  metadi¬ 
rectory  provides  a  single  point  of  admin¬ 
istration  so  that  updates  in  a  single  data 
repository  take  effect  in  other  directories 
and  applications.The  single  biggest  bene¬ 
fit  is  an  easier-to-manage  system  of  identi¬ 
ty  This  card  provides  something  close  to  a 
Holy  Grail  product  — 'if  only  I  could  get 
my  bank  debit  card  information  on  it; 
now  that  would  be  ideal!  ■ 


Siemens'  HiPath  Slcurity  smart  card  system 
is  opening  doors  to  new  applications  at 
Delaware  State  University. 
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Tops  in  innovation 


NetworkWorU 2004 


Selected  by  five  of  our  columnists,  these  products  step  beyond  the  norm 
IldiluHUi  j  DltHlKt  with  interesting  solutions  for  today's  enterprise  network  problems. 

Swinging  into  wireless  with  ease 

Trapeze  Networks'  Trapeze  Mobility  System 


Ira  Brodsky 

Totally  Unplugged 


Ready  or  not,  wireless 
LANs  are  popping  up  in 
corporations.  IT  brings 
some  in  through  the  front 
door,  while  users  tiptoe 
others  in  through  the 
back  door.  Either  way, 
WLANs  pose  unique 
management  challenges. 
Coverage,  integration 
with  wired  networks,  security  and  detection  of 
rogue  access  points  require  thoughtful  manage¬ 
ment.  Fortunately,  companies  such  as  Airespace, 
Aruba  Wireless  Networks,  Bandspeed,  Bluesocket, 
ReefEdge,  Trapeze  and  Vernier  Networks  stepped 
out  in  2003  with  enterprise-grade  WLANs.  Of  these, 
Trapeze  stands  out  for  its  comprehensive  offering. 

Trapeze  Mobility  System  does  for  WLANs  what 
structured  wiring  systems  do  for  wired  LANs. 
Thus, Trapeze  calls  its  solution  “structured  air’ But 
that’s  only  part  of  the  story:  Trapeze  takes  wire, 
glass  and  wireless  media  and  creates  a  network 
with  integrated  mobility 

The  Trapeze  Mobility  System  is  for  companies 
that  see  mobility  as  an  essential  component  of 
their  network  strategy. To  reap  the  full  benefits,  the 
corporation  must  standardize  on  Trapezes  access 
points. Although  Trapeze  offers  a  starter  kit,  the  pay¬ 
off  is  greatest  for  customers  with  diverse  applica¬ 
tions,  a  large  number  of  mobile  users  or  both. 

The  system  consists  of  four  major  elements: 
RingMaster,  Mobility  System  Software,  Mobility 
Exchange  and  Mobility  Points.  The  RingMaster 
tool  suite  is  for  planning,  configuring  and  opti¬ 
mizing  the  WLAN. The  process  begins  by  import¬ 
ing  AutoCAD  (or  other)  floor  plans.  A  software 
wizard  calculates  the  number  and  locations  of 
Trapeze  Mobility  Points  (access  points)  and 
Mobility  Exchanges  (switches)  to  be  installed. 
Once  these  are  in  place,  RingMaster  uploads 
their  configurations  and  verifies  coverage. 
RingMaster  continues  to  gather  statistics,  detect 
rogue  access  points  and  plan  changes  from  that 
day  forward. 

Mobility  Exchanges  support  what  Trapeze  calls 
“identity-based  networking.”  Instead  of  linking 
users  to  physical  ports  for  authentication, securi¬ 
ty  and  management,  Trapeze  focuses  on  user 
identities  and  transfers  user  attributes  from  one 
Mobility  Exchange  to  another  as  the  user  roams 
the  network.  With  other  systems,  users  must  re-log 


The  Trapeze  Mobility  System,  consists 
of  access  points,  switches  and  soft¬ 
ware  creating  what  the  vendor  dubs 
“structured  air." 


on  as  they  roam;  with  Trapeze,  users  log  on  once. 
The  Mobility  Exchanges  also  offload  many 
RADIUS/ AAA  server  tasks  for  maximum  respon¬ 
siveness  and  scalability. 

Mobility  Points  avoid  the  extremes  of  “thin”  and 
“fat”  access  points  to  optimize  security  and  guar¬ 
antee  availability  at  lower  total  cost  of  owner¬ 
ship.  For  example,  they  feature  redundant  data 
and  power-over-Ethernet  ports.  Thus,  each 
Mobility  Point  can  be  associated  with  two 
Mobility  Exchanges.  While  other  systems  require 
100%  access  point  redundancy  to  guarantee 
availability,  Trapeze  can  accomplish  the  same 
with  just  25%  access  point  redundancy. 

Trapeze  Mobility  System  has  a  nice  security  fea¬ 
ture  too.  It  continuously  monitors  the  airwaves, 
alerting  IT  when  it  detects  rogue  access  points. 


One  drawback  is  that  the  Trapeze  Mobility 
System  forces  replacement  of  pre-existing  access 
points.  Still,  for  companies  with  big  mobility 
plans,  that’s  a  small  price  to  pay  for  a  qualitatively 
more  secure,  scalable  and  manageable  system. 
Pricing  for  the  system  averages  about  $250  per 
user,  assuming  between  10  and  15  users  per 
access  point,  with  450  to  6,000  users  total.  This 
price  does  not  include  user  adapter  cards. 

[Brodsky  also  likes  Orthogon  Systems’  OS- 
Gemini  product  for  non-line-of-sight  wireless 
applications.  Go  to  www.nwfusion.com,  Doc- 
Finder:  9868.] 

Brodsky  is  president  of  Datacomm  Research  in 
Chesterfield,  Mo.  He  can  be  reached  at  ibrodsky@ 
datacommresearch.  com. 


A  one-two  punch  for  securing 
e-mail  and  instant  messages 

Sigaba’s  Secure  Email  4.0/Secure  Instant  Messaging  1.2 

Picking  a  single  product  to  represent  an  entire  year  is  always  a  challenge. 
Of  course  the  solution  should  have  great  technology  and  features.  But  I  look 
for  more.  Specifically,  it  must  illustrate  a  trend  —  better  still,  multiple  trends  — 
that  will  be  significant  thisyear.lt  has  to  fill  a  clearly  defined  market  gap.  And 
it  should  garner  rave  reviews  from  IT  executives. 

My  pick  for  this  year  is  Sigaba’s  Secure  Email  4.0/Secure  Instant  Messaging 
1.2,  introduced  last  October.  This  product  combination  provides  privacy, 
auditing  and  management  for  electronic  communications,  including  e-mail 
and  instant  messaging,  and  it  addresses  three  key  trends  for  2004. 

First  is  the  focus  on  security  IT  executives  increasingly  need  to  secure,  track 
and  manage  all  forms  of  communication.  Thanks  to  legislation  such  as  the 
Health  Insurance  Portability  and  Accountability  Act,  Gramm-Leach-Bliley  and  Sarbanes-Oxley,  the  penal¬ 
ties  for  data  tampering  (or  working  unknowingly  with  tampered  data)  now  include  jail  time  for  senior 

See  Johnson,  page  78 
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executives.  Compliance  with  this  legis¬ 
lation  is  critical  —  and  will  continue  to 
be  for  years  to  come. 

Second  is  the  emergence  of  IM  in 
the  enterprise.  In  a  recent  Nemertes 
Research  benchmark,  90%  of  IT  exec¬ 
utives  reported  using  IM  at  work. 
Increasingly,  IM  is  an  IT-supported  ini¬ 
tiative:  37%  of  IT  executives  say  their 
companies  use  enterprise-class  IM, 
while  another  43%  say  they  will  do  so 
in  the  next  six  to  24  months. 

Last  comes  the  growing  requirement 
for  encryption  key  management  that 
can  be  controlled  and  audited  cen¬ 
trally  but  administered  in  a  distributed 
fashion.  This  is  particularly  necessary 
when  a  group  at  headquarters  is 
responsible  for  guaranteeing  the 
accuracy  of  data  exchanged  among 
far-flung  sites.  As  the  chief  security  offi¬ 
cer  of  a  major  global  manufacturing 
firm  tells  me,  an  effective  messaging 
encryption  tool  has  been  his  Holy 


Grail  for  the  past  three  years.  His  major 
challenge  is  being  able  to  manage 
keys  at  a  regional  level  without  the 
knowledge  of  the  local  general  man¬ 
agers  (which  might  be  necessary  for 
example,  if  one  of  those  individuals  is 
suspected  of  unethical  behavior). 

Fortunately,  the  Sigaba  platform  han¬ 
dles  authentication,  authorization,  dis¬ 
tribution  of  encryption  keys,  and  sign¬ 
ing  and  non-repudiation  of  messages. 
And  it  lets  security  managers  maintain 
a  detailed  trail  of  actions  for  auditing. 

Users  are  equipped  with  a  variety  of 
clients:  an  IM  desktop,  IM  for  browsers 
and  e-mail  plug-ins  that  provide  a 
“Send  securely” option  to  20  of  the  top 
e-mail  packages.  These  clients  inte¬ 
grate  into  a  range  of  servers,  including 
a  presence  server, an  IM  server  and  the 
e-mail  gateway  server.  Features  such  as 
virus  scanning,  content  filtering  and 
policy  management  functions  run  on 
these  servers.  Most  importantly,  IT 
executives  can  manage  the  software 
locally  and  globally  as  needed. 

Users  who  have  rolled  out  the  Sigaba 
software  love  it  (in  fact,  I  first  learned 
about  this  product  from  an  IT  execu¬ 
tive).  An  entry-level  system  starts  at 
about  $25,000  and  runs  on  A1X, Solaris, 
Linux  and  Windows  servers. 

Johnson  is  president  and  chief 
research  officer  at  Nemertes  Re-search. 
She  can  be  reached  at  johna@ 
nemertes.com. 


Adding  a  jolt  to  PKI-based  messaging 


Voitage  Security’s  Voltage  Security  Platform  (Voltage  SecurePolicy  Suite,  Voltage 
SecureMail  and  Voltage  SecureFile) 


James  Kobielus 

Above  the  Cloud 

Secure  messaging  still  hasn’t 
broken  into  the  enterprise 
mainstream,  in  spite  of  consid¬ 
erable  vendor  innovation  over 
the  past  several  years.  Among 
deployed  secure-messaging  systems,  public-key-infra- 
structure-based  solutions  predominate. 

However,  PKI-based  secure-messaging  products  are 
still  too  complex  to  set  up  and  administer  within  and 
among  diverse  organizations.  Automatic  and  transpar¬ 
ent  handling  of  key  issuance,  management  and  re¬ 
trieval,  on  demand,  would  help  considerably  Identity- 
based  encryption  (IBE),  implemented  in  Voltage 
Security’s  Voltage  Security  Platform  product  family  is  a 
breakthrough  PKI  approach  that  does  this. 

The  fundamental  innovation  behind  Voltage’s  IBE  is 
that  a  message  sender  doesn’t  need  to  know  whether  an 
intended  recipient  has  a  public-key  certificate.  Users 
needn’t  ever  obtain  an  X.509  certificate  to  participate  in 
IBE-based  secure  communications.  Instead,  people  can 
use  any  arbitrary  character  string  —  such  as  their  e-mail 
address  —  as  their  public  key  Consequently  public-key 
issuance  becomes  an  implicit,  latent  and  automatic 
component  of  e-mail  account  setup.  Any  recipient  can 
simply  assume  a  public  key  based  on  identity  informa¬ 
tion  retrieved  from  existing  directories. 

Under  this  IBE-based  architecture,  companies  don’t 
need  infrastructure  components  such  as  certificate 
authorities  and  repositories.  The  sender  simply  address¬ 
es  and  sends  the  secure  message  to  recipients  as  he  nor¬ 
mally  would,  using  the  recipient’s  email  address.  The 
sender’s  email  client  uses  the  recipient’s  email  address 
as  the  public  key  when  encrypting  or  signing  messages 
bound  for  the  recipient.  The  Voltage  server-side  infra¬ 
structure  —  the  SecurePolicy  Suite  or  hosted  Secure 
Policy  Service  —  takes  care  of  binding  IBE-based  public 
keys  to  freshly  minted,  short-lived  private  keys,  and  dis¬ 
tributing  private  keys  to  recipients,  on  demand. 

To  read  secure  e-mail,  the  receiver  requests  a  private 
key  from  the  sender’s  SecurePolicy  Suite  (or  the  hosted 
Voltage  SecurePolicy  Service).  The  server-side  infra¬ 
structure  provisions  plug-in  software  —  Voltage 
SecureMail  —  to  recipient  desktops,  and  authenticates 


senders  and  recipients  against  existing  directories. 

Voltage’s  IBE  approach  simplifies  key  management. 
Other  secure-messaging  vendors  surely  will  take  note 
and  attempt  their  own  IBE-based  solutions  (an  approach 
that  has  been  around  since  the  1980s,  but  Voltage  intro¬ 
duced  the  first  commercial  version  last  July). 

However,  Voltage  doesn’t  appreciably  simplify  the 
configuration  of  secure-messaging  environments. 
Users  must  have  Voltage  client  software  integrated  with 
leading  e-mail  clients,  including  Microsoft  Outlook. 
And  it  doesn’t  provide  qualitatively  superior  secure- 


When  integrated  with  an  e-mail  client,  Voltage  SecureMail  eases 
encryption  and  decryption  of  secure  messages. 

messaging  features.  Many  of  Voltage’s  other  secure- 
messaging  features  —  including  short-lived  private 
keys,  server-side  key  revocation,  and  ad  hoc  enroll¬ 
ment  and  provisioning  —  can  be  found  elsewhere. 

Voltage  SecurePolicy  Suite  costs  $50,000  per  server; 
SecureMail,  $50  per  user;  and  SecureFile,  $20  per  user. 
Clients  are  available  in  packages  ranging  from  1,000  to 
100,000  users,  and  in  corporate  volume  discounts.The 
company  also  provides  subscription  pricing  as  an 
alternative. 

Kobielus  is  a  senior  analyst  in  Alexandria,  Va.,  with 
Burton  Group.  He  can  be  reached  at  jkobielus@ 
burtongroup.  com. 


Time  travel  for  DSU/GSUs 

Visual  Networks’  Visual  UpTime  Select 


Short  of  modems,  thinking  of 
a  less-innovative  product  than  a 
DSU/CSU  is  tough.  The  sole 
innovation  for  the  DSU/CSU 
market  over  the  past  10  to  15 
years  has  been  to  make  these 
devices  the  independent  refer¬ 
ence  point  and  measurement 
tool  for  troubleshooting  and 
service-level  agreement  verifi¬ 
cation.  So  coming  out  with  a  “category  breaker"  in  this 
space  takes  true  innovation  —  even  if  that  comes  in  the 


form  of  taking  an  old  idea  and  adding  new  features. 

This  is  exactly  what  market  leader  Visual  has  done 
with  Visual  UpTime  Select.  Not  content  to  sit  back  and 
continue  with  a  business-as-usual  model, Visual  raises 
the  ante  with  this  product  by  creating  a  pay-as-you-go 
model  for  advanced  DSU/CSU  functions. 

The  market  for  enhanced  DSU/CSU  products  has 
always  presented  a  dilemma  for  users.  On  the  one 
hand, you  can  pay  an  increased  price  for  the  unit  and 
have  excellent  network  management  capabilities.  Or 
you  can  take  your  chances  with  a  generic,  run-of-the- 

See  Taylor,  page  79 


Steve  Taylor 

Packet  Evangelist 
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Visual  Networks’  Visual  Uptime  Select 


Taylor 

Continued  from  page  78 

mill  unit  and  probably  squeak  by  for  less  money. 
And  while  I’ve  always  advocated  the  former  path, 
in  these  cash-strapped  times  many  firms  have 
chosen  the  latter  route. 

Now  you  can  have  your  cake  and  eat  it  too. You 
can  get  enhanced  functions  by  buying  the  base 
DSU  unit  and  the  software  licenses,  or  you  can 
buy  the  software  licenses  at  a  later  date  (from 
mid-2004).  Using  special  code, you  would  be  able 
to  unlock  the  enhanced  functions  when  you 
need  them  on  a  site-by-site  basis.  A  basic  T-l  unit 
costs  $1,200,  with  the  additional  software  func¬ 
tions  ranging  in  price  from  $650  to  $1,700  per  site. 

Let’s  suppose  you’re  experiencing  a  problem  in 
Albuquerque,  N.M.,  for  the  first  time  in  several 
years.  With  UpTime  Select,  you  will  have  the 
option  of  purchasing  a  license  to  unlock  the 
advanced  capabilities  only  in  Albuquerque  to 
solve  the  problem  at  hand. 

But,  in  the  tradition  of  the  famous  Ginsu  knife 
commercials,  “But  wait!  There’s  more!”  Two  addi¬ 
tional  factors  make  Visual  UpTime  Select  product 
even  more  interesting. 

The  first  of  these  is  the  ability  to  do  time  travel. 
Let’s  say  the  problem  in  Albuquerque  started  on 
Tuesday  but  it  didn’t  rise  to  the  top  of  the  trouble- 
ticket  stack  until  Thursday  Even  though  you  previ¬ 


ously  hadn’t  purchased  the  historical-analysis 
capabilities,  UpTime  Select  has  been  tracking  the 
problem  all  along.  When  you  activate  the  software 
on  Thursday  the  stats  from  Tuesday  are  available. 

The  second  of  the  two  cool  factors  that  make  this 
a  category  breaker  is  that  these  functions  might 
even  be  included  as  a  part  of  your  router  software. 
For  years,  users  have  been  forced  to  decide 
between  the  economy  of  using  an  integral 
DSU/CSU  or  the  added  capabilities  of  an 
external  enhanced  DSU/CSU. This  year,  the 
full  Uptime  Select  capabilities  are  expected 
to  be  included  with  Cisco’s  integral  DSU/ 

CSUs,  although  the  availability  of  the  full 
suite  will  lag  a  bit  behind  the  stand-alone 
units.  Consequently  you’ll  have  the  option 
of  on-demand  pay-as-you-go  management 
without  an  upfront  commitment  —  even 
when  using  an  integrated  DSU/CSU  in  your 
router. 

In  fairness,  the  development  has  a  down¬ 
side.  Historically  the  DSU/CSU  has  provided 
a  clear  demarcation  point  between  the  ser¬ 
vice  provider  and  user  networks.  Even  with 
services  such  as  AT&T’s  Frame  Plus  frame 
relay  service  that  includes  an  enhanced 
DSU/CSU,  the  router  is  off-limits  to  the  ser¬ 
vice  provider.  However,  with  highly  man¬ 
ageable  DSU/CSU  capabilities  built  into  the 
router  itself,  this  demarcation  point  is 


becoming  significantly  less  distinct.  In  fact,  the 
demarcation  point  becomes  a  software  function 
within  the  router. 

I’m  betting  you’ll  be  willing  to  live  with  this.The 
potential  is  too  great  to  ignore. 

Taylor  is  president  of  Distributed  Network  Associ¬ 
ates  in  Greensboro,  N.C.,  and  publisher  ofWebtorials 
.com.  He  can  be  reached  at  taylor@webtorials.com. 
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Visual  UpTime  Select  shows  real-time  and  historical  application  flows  and 
top  talkers  across  IP  network  connections. 


Luring  hackers  with  an  open  source  honeypot 


Open  source  community’s  Honeyd 

Winn  Schwartau 

On  Security 

I  think  lying  to  criminals  is  a  good  thing. They  do 
it  to  us! 

And  1  don’t  hate  hackers;  they  do  more  good 
than  harm  for  the  state  of  security.  But  I  have  no 
use  for  criminal  hackers,  identity  thieves  or  other  miscreants  who  disguise 
their  hostile  activities  as  “hacking  for  mankind.’’That’s  pure  BS.  So  let’s  lie 
every  chance  we  get  to  protect  our  networks. 

My  choice  for  product  of  the  year  is  an  open  source  honeypot  called 
Honeyd,  maintained  by  Niels  Provos,  a  Ph.D.  candidate  and  experi¬ 
mental  computer  scientist  at  the  Center  for  Information  Tech¬ 
nology  Integration  of  the  University  of  Michigan. 

I  became  acquainted  with  the  idea  of  deception  and  lying  to 
one’s  ’Net  enemies  in  1996,  from  Fred  Cohen  and  his 
Deception  Tool  Kit.  The  object  was  simple:  Tell  the  intruders 
one  thing  (not  the  truth),  and  fool  them  into  believing  they  are 
getting  through  your  defenses.  In  reality,  you  put  them  into  a 
secure “trap”where  their  activities  are  harmless, you  can  cap¬ 
ture  all  of  their  activities  (for  research  of  course!)  or  feed 
them  erroneous  information. 

In  1999, 1  wrote  about  deception  and  honeypots  from  mili¬ 
tary  and  network  defense  standpoints  in  my  book  Time  Based  Security  .Just 
consider  how  much  deception  we  used  in  World  War  II  and  throughout  the 
Cold  War.  Part  and  parcel  of  the  espionage  job  was  to  suck  in  your  enemy 
and  get  him  to  believe  your  lies  to  put  him  off  path.  Good  stuff  in  the  real 
world  now  being  applied  to  the  world  of  network  security.Still,no  such  real 
products  could  be  called  highly  effective  security  tools. 


It  wasn’t  until  1  met  the  incredible  and  energetic  Lance  Spitzner,  co¬ 
founder  of  the  Honeynet  Project,  that  I  realized  a  small  industry  had  been 
born  that  was  based  on  these  principles.  Spitzner  and  I  became  close 
friends  after  1  heard  him  speak  in  Dublin,  Ireland,  with  eloquent  passion 
about  techniques  in  which  I  strongly  believed. 

Version  0.2  of  Honeyd,  a  small  daemon  that  creates  virtual  hosts  on  a  net¬ 
work,  appeared  about  a  year  and  a  half  ago.  A  1.0  version,  under  development 
by  Provos  and  the  open  source  community  is  on  the  horizon. 

With  Honeyd,  you  can  configure  hosts  to  run  arbitrary  services  and  adapt 
their  personalities  so  they  appear  to  be  running  certain  operating  systems. 
Honeyd,  which  can  claim  up  to  65,536  IP  addresses,  is  used  primarily  for 
threat  detection  and  assessment.  By  using  various  configuration  tools, 
Honeyd  deters  adversaries  by  hiding  real  systems  in  the  middle  of 
virtual  systems. 

Because  this  field  is  so  new  and  the  developments  coming 
so  fast,  I  felt  more  comfortable  picking  a  free  honeypot  rather 
than  commercial  software.  Also,  Spitzner  considers  Honeyd 
the  most  powerful  honeypot. 

That  said,  a  couple  of  commercial  products  to  watch  are 
KeyFocus’  KFSensor,  a  low-interaction  honeypot  that  moni¬ 
tors  an  extensive  amount  of  ports  and  services;  Symantec’s 
Decoy  Server,  a  high-interaction  honeypot  used  not  only  to 
detect  or  deceive  bad  guys,  but  also  to  gain  additional  infor¬ 
mation  about  them;  and  NetBait’s  managed  service  honeypot. 

If  you  want  to  follow  or  participate  in  the  growth  of  this  area,  I  suggest  you 
hang  around  www.honeynet.org. 

Schwartau  is  the  president  of  Interpact  and  the  author  of  many  books  on 
security.  He  can  be  reached  at  winns@gte.net. 


Honeyd  deters  would-be 
hackers  by  hiding  live  sys¬ 
tems  within  virtual  systems. 
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ool  names 

Outstanding  product  names  are  becoming  less  of  a  rarity  in  the  network  industry. 
Here  are  some  of  the  best.  By  Julie  Bort 


omewhere  between  the  geekiness  of  the  late  1980s  and 
the  greediness  of  the  late  1990s,  technology  turned  “cool.” 
In  the  national  consciousness,  George  Jetson  was  replaced 
by  Max  Headroom;  Mad  Max  superceded  by  the  Matrix  (though  a 
leather-clad  Mel  Gibson,  no  matter  how  sweaty  will  always  remain 
cool  to  some  of  us.  Mel,  if  you’re  reading  this,  feel  free  to  e-mail  me). 


Corporate  LAN  Access  Module  —  the 
CLAM  router  (acquired  by  Bay  Net¬ 
works)  and  Scribble,  a  word  processor 
for  the  Amiga.“Silly  name,  not  a  bad  prod¬ 
uct  though,”  one  respondent  admired. 

Another  contributed  this  vague  recol¬ 
lection:  “Several  years  ago  there  was 
some  networking  software  called 
Promised  LAN.  Don’t  know  if  it  ever 
made  the  market  or  not.  I  remember  the 
hype  and  saw  some  beta  stuff.” 


The  network  industry  was  suddenly 
where  the  rich,  hip  and  happening  folks 
hung  out.  The  type  of  marketing  genius 
that  had  previously  gravitated  to,  say  the 
small  appliance  industry  or  car  manu¬ 
facturers  moved  in  on  technology  True,  I 
never  understood  all  of  their  ploys,  such 
as  mass  consumer  advertising.  (Why  run 
a  Super  Bowl  ad  for  a  $100,000  server  or 
a  $25,000  router?  Do  the  masses  really 
shop  for  such  products  like  they  shop  for 
beer?  Do  the  masses  shop  for  high-end 
network  gear  at  all?) 

But  those  hip  marketing  minds  do 
deserve  applause  for  overhauling  how 
technology  products  are  named.  Seems 
to  me  that  engineers,  with  their  love  of 
numbers,  apparently  ran  the  product¬ 
naming  show  for  many  a  year.  So  you 
had  your  IBM  650,  your  Wang  VS-16000 
850  and  let’s  not  forget  your  Cisco  2500. 
The  whoopee  naming  innovation  in 
those  days  was  random  capitalization 
and/or  punctuation  combined  with  the 
wild  abandonment  of  spaces  between 
words  (like  the  IBM  AS/400  or  Digital 
Equipment’s  OpenVMS  ). 

But  when  technology  became  cool, so 
did  a  slew  of  product  names. 

Security  products,  it  seems,  sport  the 
most  creative  names  —  particularly  intru¬ 
sion-detection  systems  (IDS),  according 
to  an  informal  survey  of  a  few  dozen 
Network  World  readers. 

Respondents  named  IDS  product 
Beadwindow  (from  the  same-named 
vendor)  as  the  favorite  clever  product 
name. You’ve  got  to  do  a  little  intellectual 
digging  to  “get”  the  wittiness  here. 
Beadwindow  is  a  military  code  word  for 
when  a  radio  operator  has  reliable  infor¬ 
mation  from  a  friendly  source  that  the 
enemy  has  breached  the  radio  network. 
Clever,  but  complicated.  More  to  the 
point  is  IDS  product  Manhunt,  created  by 
Nexland  and  acquired  by  Symantec, with 
one  respondent  suggesting,  “I  bet  they 


would  sell  more  to  IT  geeks  if  they  called 
it  Womanhunt.” 

Other  names  that  respondents  said 
were  among  the  industry’s  best  are,  in  no 
particular  order:  Strokelt,  an  open  source 
advanced  mouse-gesture  recognition 
program;  Skype,  an  open  source  Internet 
telephony  product;  Kill  A  Watt,  a  power¬ 
monitoring  device  from  Convenient 
Gadgets;  and  Ethereal,  an  open  source 
real-time  network  protocol  analyzer. 

On  second  thought,  maybe  I’ve  been 
unfair  to  the  older  product  gang.  Ad¬ 
mittedly  a  few  products,  like  the  Apple 
Macintosh  or  Lotus  1-2-3,  were  clever- 
name  forerunners  —  technology’s  equiv¬ 
alent  of  Britney  to  the  mass  number¬ 
laden  names  I’d  liken  to  Gladys  or  Edna. 
Readers  surveyed  fondly  recalled  several 
older  product  names,  such  as  Xylogic’s 


If  it  exists,  I  couldn’t  locate  it.  I  did,  how¬ 
ever,  find  some  PC  gamers  club  that  had 
adopted  the  term  for  its  on-site  LAN  par¬ 
ties.  Its  flyer  promised:“We  bring  the  food, 
two  power  outlets  and  a  network  jack. 
You  bring  the  PCs.”  A  yee-hah  interactive 
soiree  if  ever  I  heard  of  one. 

One  respondent  says  the  network  in¬ 
dustry  has  never  produced  the  best  prod¬ 
uct  names,  nor  the  best  slogans,  but  he 
had  some  ideas.  “I  used  to  use  a  small 
vacuum  gauge  that  was  made  by  a  com¬ 
pany  called  Consolidated  Vacuum.  They 
could  have  used  the  slogan  ‘We  work  for 
nothing!”’ 

But  I  still  think  today’s  crop  are  truly 
inspirational  considering  this,  which  1 
deem  to  be  among  the  best:“TruSecures 
Desktop  Risk  Assessment  Tool”  otherwise 
known  as  DRAT.  ■ 


Fingerprint  Authentication  Scanner 

AlterPath™Bio 


Enterprise  KVM  Solutions 

AlterPath™KVM 


Advonced  Console  Servers 

AlterPath™ACS 


Network  Management  Gateway 

AlterPath™  Manager 


Cyclades'  data  center  management  solutions  offer  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management. 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 


Intelligent  Power  Distribution  Units 

AlterPath,MPM 


■ 


INSIDE 


For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 
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"I’m  talking  ZERO  spam....  Life  is  good." 

David  Lindsay,  SVIC.net 

Vircom  is  one  of  the  finest  companies 
I  have  ever  worked  with." 

Jon  Baldwin,  AK  Internet 


/Tve  had  over  200  non-solicited  thank  yous 
from  my  customers  so  far."  -  "" 


"Vircom  two  thumbs  up!  Three  if  I  had  an  extra!" 

Jeff  Beadle,  Mako  Internet 


"Modus3  is  a  fantastic  product." 

Michelle  Dyason,  Networld  Online 


"They  MUST  be  using 

some  type  of  voodoo  in  their  catch  algorithm." 

a  sc 
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"...the  accuracy  of  3.0  is  near-perfect. 
This  has  taken  a  huge  burden  off  our  shoulders." 


Bruce  E.  Houck ,  Morris  Architects 


VircoM 


NetOp 

RemoteControl 


Helping  YOU 


NetOp  Remote  Control 

If  you  think  all  remote  control  and  support  software  packages 
are  the  same  -  try  NetOp  today.  NetOp  Remote  Control  is  faster, 
offers  the  highest  level  of  security  and  has  more  support 
features.  Visit  www.RemoteControlSW.com  to  take  NetOp  for  a 
FREE  test  flight  and  make  your  remote  access  and  support 
really  fly. 

■V.  Streamline  &  optimize  your  Help  Desk  operations 
IT  pros  fix  more  problems  -  faster 
Top-rated  remote  access  security 

Works  with  ail  your  systems  -  Windows,  Mac,  Linux  &  more 
"V  Near  real-time  screen  redraws  -  even  cross-platform 
’V  Advanced  scripting  options  and  file  synchronization 
*-s  One-button  hardware  &  software  inventories 
*s.  integrates  well  with  your  system  management  software 


Toll  Free  Sales  and  Support:  800.675.0729 
services@Cross~ecCorp.com  |  www.CrossTecCorp.com 
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NetOp  and  the  red  kite  are  registered  trademarks  of  Danware  Data  A/S.  Other  brand  and  product  names  are  trademarks  of  their  respective  holders.  ©2004  Copyright  Danware  Data  A/S.  All  rights  reserved. 


SERIOUS  EVENT  LOG  MANAGEMENT. 

WITHOUT  THE  BULL." 


Installing  some  of  today's  mega  management  software  packages  is  often 
like  unleashing  a  bull  in  a  china  shop,  or  at  least  in  your  network. 

This  is  why  Dorian  Software  Creations'  modular  approach  lets  you  decide 
and  deploy  the  event  log  management  strategy  that  works  best  for  you  and 
best  meets  your  needs. 

Look  to  Event  Archiver™  for  automated  log  collection,  Event  Analyst™  for 
log  filtering  and  reporting,  and  Event  Alarm™  to  monitor  your  log  files. 
Finally,  they  combine  to  provide  the  only  patent  pending  total  solution  for 
event  log  management,  without  the  bull. 

Di 

Dorian  Software  Creations,  Inc. 


For  a  free  white  paper  and  other  tools  to  help 
you  build  an  affordable 
event  log  strategy,  visit 

www.doriansoftware.com/roi. 


in 


www.doriansoftware.com/security 

FOR  MORE  INFORMATION  AND  YOUR  FREE  30  DAY  EVALUATION 
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Anywhere,  Anytime 
Console  Port  Management 

When  business  critical  servers  or  networks 
malfunction,  the  Equinox  CCM  console  manager 
gives  you  the  tools  to  securely  and  quickly 
restore  normal  functionality. 


One  Equinox  Way,  Sunrise  FL  33351,  email:  sales@equinox.com  or  for  international  customers  email:  intlsales@equinox.com. 

©  2004  Avocent  Corporation.  Equinox  and  AVWorks  are  trademarks  or  registered  trademarks  of  Avocent  Corporation  or  its  affiliates.  All  other  marks  are  the  property  of  their  respective  owners. 


CCM  solutions  include: 

■  SSH  v2/Telnet  host 

■  Strong  authentication 

■  Offline  buffering 

■  SUN  break  safe 

■  In/out  of  band  access 

■  Point  and  click  access 


With  the  CCM  you  can: 

■  Be  organized 

■  Tighten  security 

■  Manage  users 

■  Establish  permissions 

■  Be  proactive 

■  Log  critical  events 


Download  your  free  guide! 

8  Key  Reasons  Why  Administrators 
Rely  on  Console  Port  Management 
Solutions  at  www.equinox.com 


Available  in 
8  and  16-port 
models.  Call  for 
more  details  on 
48-port  model. 


AVWorks™  management  software  and 
the  CCM  console  manager  integrate 
with  Avocent's  KVM  over  IP  switches 
and  intelligent  power  controllers  to 
offer  total  data  center  management 
from  a  single  application. 


Devices  in  Radi 

Local  or  remote 
console  access. 

Serial 

Telnet 
Client 


SSH 

Client 


For  a  30-day  product  evaluation,  call  1-800-275-3500 
ext.  247  or  954-746-9000  ext.  247 


CCM  1640 


AVWorks 

Client 


Power 
Control 

Linux  Server 
Windows  Server 
Unix  Server 
Switch 
Router 


Dial  Access 
Client 


Local 
Terminal 


Custom  Management  Levels 


OBSERVER 

•  Decode  ever  500  protocols 

•  Long-term  network  trending  &  analysis 

•  ReaLtime  statistics  - 


Remote  &  Hardware  Options 


REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1.  RM0N2,  HCRMON 

•  Web  Publishing  Reports 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


WE  MAKE  IT  HAPPEN. 


Test-drive  the  new  Observer  9.0  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.con  nine 

introducing  Observer  9.0  ^ 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 


iS&  Canada  Toll  free:  (800)  526-5958  *  Fax:(952)932-9545  •  UK  &  Europe: +44(0)  1959  569880 

One  Network  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 


www.networkinstruments.com/nine 

©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


APC  solves  top  4  rack  problems. 


Solve  your  most  pressing  rack  problems: 

1)  cabling  nightmares  2)  hot  spots  3)  blown 
circuit  breakers  4)  brand  incompatibility. 

The  APC  NetShelter®  VX  lets  you  easily 


respond  to  future  requirements  and  change. 
Plus,  the  NetShelter  VX  comes  with  the 
"Fits  Like  a  Glove''*  money-back  guarantee 
to  ensure  compatibility  with  all  IT  equipment. 


Whether  you  need  a  simple  solution  or  are 
thinking  big,  you  can  depend  on  just  one  ven¬ 
dor  of  choice.  Visit  us  today  at  www.apc.com. 


HP/COMPAQ  •  SUN  •  IBmX 


GUARANTEED 

COMPATIBILITY 


DELL  •  CISCO  •  LUCENT ) 


*"Fits  Like  a  Glove"  guarantees 
that  all  brands  of  EIA-310-D 
compliant  equipment  fit  inside. 


.NetShelter®  VX  Enclosures  ix-lfrufifd) 


Next  generation,  high-quality  enclosures 

•  Fully  ventilated  front  and  rear  doors  with  enhanced  ventilation  pattern  maximize  airflow 

•  Overhead,  base  and  side  cable  access  provides  easy,  integrated  cable  management 

•  Rear  Cabling  Channel  (42" deep  versions  only)  allows  for  easy  installation, 
access  and  serviceability  of  both  data  cables  and  power  distribution 

•  Available  in  multiple  configurations:  35.5"  deep,  42"  deep,  beige  or  black 

JNIetShelter®  Open  Frame  Racks  <  x  - r. f r t i  f !  f n  i  f4-PnstnniY] 


Economical  solutions  for  wiring  closets  and  networking  applications 

•  Designed  to  accommodate  networking  devices  such  as  hubs,  routers  and  switches 

•  Industry  standard  7'  high  design  provides  45U  of  equipment  mounting  space 

•  Self-squaring  design  allows  one-person  assembly 

•  Made  of  high-strength  6061 -T6  structural-grade  aluminum 


Rack  Air  Removal  Unit  (ARU)  (x-r.FRTiFiFoi 

Heat  removal  for  enclosures  in  IT  rooms  and  data  center  hot  spots 

.  Enables  up  to  7.5kW  of  power  consumption  in  a  rack,  without  taking  up  U  space 
.  Automatic  fan  speed  adjustment  leads  to  greater  energy  efficiency 
.  Dual-power  input  cords  allow  the  unit  to  attach  to  redundant  power  sources 
.  Ducting  kit  to  drop  ceiling  plenum  allows  higher  temperature  from  equipment 
exhaust  to  be  delivered  directly  to  A/C  return  stream 


Power  Distribution  Units  (x-cfriififd) 

Distribute,  monitor,  and  remotely  control  power  in  rack  enclosures 

•  Basic:  Vertically  and  horizontally  mounting  ^ 

with  a  range  of  amps  and  voltages 


•  Metered:  Ability  to  monitor  the  current  draw  and  set  alarm  thresh¬ 
olds  that  when  exceeded,  provide  both  visual  and  audible  alarms 

•  Switched:  Offer  individual  outlet  control,  power  on  and 
off  displays,  current  monitoring,  alarm  thresholds  and 
network  management. 


Environmental  Management  Unit  x 

Networked  appliance  enables  management  of  a 
wide  range  of  access  and  environmental  conditions 

•  Browser-accessible  1U  rack-mountable  appliance 

•  Monitor  third-party  devices  via  8  input  contacts 

•  Control  third-party  devices  via  2  output  relays 

•  Early  warning  notifications  to  appropriate  personnel 


££fi.T!FJ£Di 


LCD  Monitors  (x-rFRTiFirm 

111  rackmountable  integrated  LCD,  keyboard  and  mouse 

•  Occupies  only  1U  of  rack  space  compared  to  the  10U 
to  13U  of  space  required  by  a  traditional  CRT  monitor 


Take  the  APC  Rack  Challenge,  find  out  how  the  new 
NetShelter®  VX  outperforms  your  brand  and  get  a  FREE  T-shirt* 

Visit  httpS/promo.apc£om  Key  Code  p936y  •  Call  888-289-APCC  x6679  •  Fax  401-788-2797 

E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston.  Rl  02892  USA  •  APC1B4EF-USb  •  'First  100  respondents  only. 

©2004  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners. 
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Local  or  Remote  Server  Management  Solutions 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


UitraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


•  Connects  up  to  1000  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 

•  Easy  to  expand  _  _ 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


800  333  9343 

WWW.ROSE.COM 


ELECTRONICS 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


•/'.'A  KVM. swj(c^f allows  single or.multiple 

worksfOtrong-ro  have  local  or  remote  access  to 
.  multiple  computers  located  in  server  rooms  or 
.  ..  Oh'  the  desktop  regardless  Of  their  platforms 
'  .  and, operating  systems.  KVM  switches  have 
.rLtraditipr^aily; provided  cost  savings  in  reducing 
I'  energy  and-.-eouipment  costs  while  freeing  up 
-  valuable  real  estate. 


Recognized  as  the  pioneer  of  KVM  switch 
technology.  Rose  Electronics  offers  the 
industry's  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and,  remote  access 
.solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 


Rose  Electronics  is  privately  held  with  world- 
headquarters  m  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


Rose  Electronics 
10707  Standiff  Road 
Houston,  Texas  77099 


ROSE  US  +281  933  7673 

ROSE  EUROPE  +  44  (0)  1 264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 


RADMIN: 


KEEP  CONTROL 


Famatech 


STAY  REMOTE 


2003  Famatech  LLC 
matech,  Remote  Administrator 
and  Radmin  are  trademarks 
of  Famatech  LLC. 
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Radmin  key 
benefits: 

-  flexible  pricing 

-  real-time  speed 
of  work 

-  friendly  interface 

-  stable  trouble- 
free  performance 
security 

-  free  e-mail 
support 


TRY  RADMIN  2.1 
FOR  FREE! 

DOWNLOAD 

30-DAYS 

FULLY 

FUNCTIONAL 
TRIAL  VERSION! 


j  Radmin  is  a  reliable  and  secure  remote  control  software  especially  designed  for-and-by  busy  system 
The  truly  crucial  features  are  all  there:  incredibly  fast  remote  control,  file  transfer,  NT  security,  telnet  an 
s'  oort.  Radmin  is  blisteringly  fast:  you  can  work  on  a  remote  computer  exactly  as  if  you  were  right  th 

keyboard.  Radmin  3.0  is  coming  soon!  See  details  at:  www.radmin.com/news 


Itilanguage 

its  e-mail: 

radmin@radmin.com 
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your  eye  on  the  network 

Control  your  network,  don’t  let  it  control  you 
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Network  problems  are 
costing  your  company 


Downtime. 

Poor  customer  service. 

Email  and  internet  problems. 
Reduced  productivity. 


tlejuirplel < 


ox.com 
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The  Oculan  250  a 

world-class  network  and  security 
management  appliance,  enhances 
your  network  security,  reduces 
downtime,  provides  useful 
reports  and  optimizes  your  IT 
resources.  To  learn  more  about 
the  Oculan  250,  call  us 
today  at  800-247-5080  or 
check  us  out  on  the  web  at 
www.purplebox.com. 


BestiTests 

NetworkWorld© 


|  wvwv.buyuptime.  com 
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Your  One-Stop  Shop  for  high  availability  products 


Network  Cables 

Cisco  and  Fiber 
Cabling 

Printer,  Modem 
VGA  Cables 
and  Adapters 

Enclosures 

Enclosure 

Accessories 

Power  Adapters 
Cooling  Solutions 
Laptop  Accessories 
Racks 

Rack  Accessories 

Power  Distribution 
Devices 

Security  Hardware 
Surge  Protectors 

UPS  Cables  and 

Accessories 

UPS  Management 
Peripherals 

UPS  Management 
Software 

UPS  Replacement 
Batteries 


High  Availability  Made  Easy  — — — . — - — — — . — - 

BuyUptime.com  is  a  leading  supplier  of  end-to-end  UPS  power,  thermal  cooling,  and  management  solutions. 
Visit  us  today  to  find  the  high  availability  solution  that  is  right  for  you. 

Power  Protection  and  Management  Solutions! 

Starting  a  O 

49*  ]  Power  Protection  Solutions  for 
Desktops  and  Server  Applications 

Protects  your  hardware  and  data  by  supplying 
quality-grade  battery  back-up  power 

Robust  diagnostics  allow  network  administrators 


to  solve  problems  before  they  happen 

•  Protects  anything  from  desktops  and  single 
servers  to  fully  populated  racks 

Includes  Power  Management  software  with  purchase 
(excludes  refurbished  units) 


Network  Power  Management 
Accessories 

•  Power  Distribution  Units  -  metered  outlet 
strips  for  racks/enclosures  provide  alarm 
thresholds,  toolless  mounting  abilities 


■■■■■■■■ 


ChargeUPS  -  APC  premium  Replacement  Battery  Unit 
with  2  year  warranty  extension  on  battery  and  UPS, 
plus  FREE  software  upgrade 

•  RBC  -  APC  premium 
Replacement  Battery 
Cartridges 

•Prices  include  standard  shipping 


Order  via  our  promo  page  and  save 

Visit  http://promo.buyuptime.com 
and  enter  Key  Code:  p677y 


Or  Call  Toll  Free: 

1-888-288-8843  to  order. 

Fax:(877)411-2080  •  e-rnaii.S3les@buyuptime.com 

801  Corporate  Centre  Drive.  St  Charles.  MO  63304  •  BY4A 3SP-  ■  S 

©2004  Systems  Enhancement  Corp 

All  Trademarks  are  the  property  of  their  owners 
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Who’s  Protecting 
Your  Network? 


GTA's  Firewall  Team 

Tough  Network  Security 

✓  Building  Firewalls  for  over  1 0  years 

✓  ICSA  4.0  Corporate  Certification 

✓  5  appliances  to  match  your  network  needs 

✓  Easy,  Flexible  Implementation  Options 

✓  IPSecVPN 

✓  Affordable  pricing 


Global 
Technology 
Associates,  Inc. 


1-800-77S-4GTA  •  www.gta.com  •  lnfo@gta.com 


dtSearch* 


Instantly  Search  Gigabytes  of  Text  Across 
a  PC,  Network,  Intranet  or  Internet  Site 


Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 


♦  highlights  hits  in  HTML,  XML,  &  PDF  while  displaying  embedded 
links,  formatting  &  fffiTilil&t 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 
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“The  most  powerful  document  search  tool  on  the  market” 
-Wired  Magazine 


“Intuitive  and  austere  ...  a  superb  search  tool”  -PC  World 


“Blindingly  fast”  -Computer  Forensics:  Incident  Response  Essentials 


“A  powerful  arsenal  of  search  tools”  -The  New  York  Times 


dtSearch  “covers  all  data  sources  ...  powerful  Web-based 
engines”  -eWEEK 


J 

j 

J 


J 


Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center 


In  the  past  two  years,  over  half  of  the  Fortune  15  purchased 
dtSearch  developer  or  network  licenses. 


1-800-IT-FINDS 

sales@dtsearch.com 


See  www.dtsearch.com  for: 

♦  hundreds  of  developer  case  studies  &  reviews 

♦  fully-functional  evaluations 


'dtSearch 


dtSearch 


dtSearch 


PUBLISH 

for  CD/DVDs 


Industrial-strength .. 
Minerb"-PC  Magazine 


"Industrial-strength.. 
superb"-pc  Magazine 


Industrial-strength.. 
Superb"-PC  Magazine 


♦  for  Win  &  .NET 
♦  for  Linux 


♦  call  for  pricing 


^«Tlndustr 
|  superb 


Industrial-strength.. 
«uDerbw-FC  Magazine 


sal  ^ 

'♦9’r'lndustrial-strength.. 
superb"-pc  Magazine 

♦  from  $2,500 


♦  from  $800 


The  Smart  Choice  for  Text  Retrieval®  since  1991 
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increase  capacity  •  expand  coverage  •  maximize  performance  •  rapid  installation  •  minimize  cost 

5  reasons  why  more  and  more  companies 
are  jumping  to  Redline  Communications 


Redline's  technology  adds  capacity  to  any  network  without 
changing  current  network  infrastructure.  Wireless  technolo¬ 
gy  provides  a  flexible  and  scalable  alternative  to  fiber  or 
leased  lines  and  can  be  deployed  in  a  fraction  of  the  time. 
Redline's  high  capacity  wireless  backhaul  solutions  enable 
wireless  and  wireline  service  providers  to  meet  their 
customer's  growing  needs  for  bandwidth,  coverage,  and 


mobility.  Quick  and  simple  to  deploy.  Redline's  systems 
provide  secure  voice  and  data  connections  that  are 
completely  scalable,  cost  effective,  and  reliable.  Redline's 
technology  significantly  reduces  recurring  expenses  on  T1 
backhaul  costs  and  makes  it  simple  for  carriers  who  are 
migrating  to  VoIP  networks  by  combining  T1  and  IP  all  in 
one  wireless  link  -  all  backed  by  Redline's  leading  OFDM 


technology  for  robust  connectivity.  Because  Redline  develops 
it's  own  wireless  technology  and  network  management 
software.  Redline  systems  are  truly  integrated  solutions  with 
vastly  superior  support.  Just  one  phone  call  can  help  resolve 
most  issues  with  your  Redline  product  -  anywhere,  anytime 
and  hassle  free. 


For  more  information  visit  us  at  CTIA  Wireless  booth  #3967  or  visit  our  website  at  www.redlinecommunications.com/5_reasons  or  call  us  at  1  -866-633-6669 


communications 


www.wti.com 


(890)  854  7216 


western  telematic  incorporated 
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"Keeping  the  Net.. .Working!" 


Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /  Off  /  Reboot  Switching 

■  Versatile  Zero  U  Mounting 


Yes,  you  can  Switch 
Power  over  the  Internet. 


3WII  Network  Boot  Hot 


|  Efc  E<*  Yew  FjvMfc!  loop  Htlti 


NETWORK  BOOT  BAR 


LOCATION:  NBB  Live  Demo  Unit 

SWITCH  PANEL 
Plug  Name 

1  Server  1 


2 

3 

4 

5 

AU 

Plugs 


Server_2 

Hub 

Router 

Modem 


Setup  |  LjgOul  | 


Status 

FoaTl 

row} 

ran 

OFF 

ran 


Firmware  Version:  1.01 

On  Otr  Boot 
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MINI  SUPER  For  Clusters 


NO-FRILLS  STORAGE  SERVER 


aji  systems  are  pre-loaded  with  any  Linux/BSD  version/distribution  of  your  choice.  On-site  warranty,  cross-ship  options  available. 


1U  14*  Depth 

1  of  2  Intel®  Xeon™  processors  2.4  GHz 
Serial,  VGA.  USB  2.0,  Mouse,  Keyboard 
AJI  ports  Front  Accessible 
1  x  10/100,  1  x  Gigabit  LAN 
512  MB  DDR  ECC  (Max  8  GB) 

Options:  CD,  Poppy 


$1249 


Ctsai5i»a»i* 
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6  TB  IDE/SATA  storage  in  5U  ! 

Dual  Intel®  Xeon™  processors  2.4  GHz 
51 2  MB  DDR  ECC  (Max  8  GB) 

6  TB  IDE  Raid  Storage 
Dual  Gigabit  LAN,  CD 

Options:  Serial  ATA  Drives,  Rrewire,  DVD±RW, 
CDRW,  64-bit  OS  configuration,  Additional  LAN, 
Floppy.  Fiber  Gigabit 


8  HOT-SWAP  BAYS  IN  2U 


$12,199 


1  of  2  Intel®  Xeon™  processors  2.4  GHz 
512  MB  DDR  ECC  (Max  8  GB) 

1  x  40  GB  IDE  in  Raid  5 
1  x  10/100,  1  x  Gigabit  LAN 
CD.  Floppy 

Options:  SATA,  SCSI,  Redundant  Power  Supply,  Raid  0,1 ,5 


$1,349 


In  business  since  1989,  ASA  builds 
custom  computing  and  storage  solutions 
compatible  with  open-source  OS  (BSD,  Linux)  and 

'"also  Solaris  and  Windows.  ASA  has  always  enjoyed  strong 
financial  stability  and  a  loyal  customer  base. 


ASA  —  Custom  Servers  and  Storage 

www.asacomputers.com  •  866-382-5263 

2354  Calle  Del  Mundo,  Santa  Clara,  CA  95054 

For  details/inquiries/customization  email  sales@asacomputers.com 


Production  Tracking  Over  Ethernet 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  &  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available  £,. 

is*’#  • 


COMPl  TKKWISE. 

Call  1-800-255-3739  ar  visit  www.computerwjse.com 
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Diskr2-Disk  (Fast  Restore),  Door-2-Door  (Electronic  transfer), 
Dusk-2-Dawn  (transfer  data  while  you  sleep), 
and  Day-2-Day  (lower  maintenance  &  TC0) 


IntraPvn 


yvWw.rockfeivault.cum 

5666  Lincoln  Drive  #205  Minneapolis,  MN  55436 
(952)  936-7733  Fax  (952)  908-1 1 21 
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If  it’s  on  the  Kl  WORLDWIDE  PROVIDER 
netvyork,-  »-  -  OF  NETWORK 

we’ve  got  it!  HARDWARE 

I  SINCE  1981! 

•  NetWork  Hardware 


THE  NETWORK  SPECIALISTS 

WRCA..NET 


•  Memory 


A 


•  Accessories  .  m 

sales@wrca.net  -  (800)699-9722x102 


FIBER  OPTIC  SOLUTION^ 


•  Tl/El  &  T3/E3  Modems 

•  RS-232/422/485  Modems  ond 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
R S 6 0 0 0  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO-9001 


Toll  Free  866-SITech-l 
630-761-3640,  Fax  630-761-3644 
wvw.silech-bildriver.com  or  www.silechfiber.com 


NetworkWorld 

THE  HUB  OF  THE  NETWORK  BUY 
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Ligas  Enterprises,  Inc.  Yrs  in  Business -16  Equipment  Serviced  - 

/y  p  -y  ,  f  Same  Day  Shipping  -  Yes  Refurbished 

Standard  Warranty  -  6  mos.  Jo  Advanced  Replacement  -  Yes 
1  year  Manuals  Available- Yes 

Ph.800-366-2087  Equipment  Condition  Sold  -  Tech  Support  to  Buyers 

Email:  sales@ligasant8rprises.com  New  and  Refurbished  Volume  Discount-  Yes 
Web:  www.llaasenterDrises.com  Blind  Shipping  Available  -  Yes  Upgrades/Parts/Phones  -  Yes 


(800)  300-2087 

Bus  (770)  992-6098  -  l  ax  (770)  992-2848 
953  Forrest  St-  •  Roswell,  GA  30075 

' - ^  WWW.LIGASENTERPRISES.COM 

“WE  SELL  &  BUY  WORLDWIDE” 

CHECK  WITH  LIGAS”  LOW  PRICES  -  UP  TO  70%  OFF 


Equipment 

Manufactures 

Supported: 

MEG 
Toshiba 
Categories 
Supported 
PBX/ACD’s 
Voicemail 
Predictive  Dialing 
Resident/Tenant 
Long  Distance 
Digital 

Voiceloggers 


ACD’s/PBX 

ACDS,  CALLCENTERS, 
RESIDENTIAL  RESALE, 
PREDICTIVE  DIALER® 

ACD  S,  CALL  CENTERS 
PBX'S.  SMALL  KEYS 
EON.  SOLID  STATE,  CORTELCO 
ASPECT,  ROLM,  NORTHERN 
MERIDIAN.  MITEL,  TOSHIBA, 
MITEL,  TOSHIBA,  OCTEL,  VMX 
(ALL  SPARES.  UPGRADES  ETC.) 


Mitel 

SXSO 
SX200 
SX200D 
SX200Light 
SX2000 
SX2000  Light 
SS3  &  SS4  Tel. 
SS3DN  &  SS4DN 
SS410,  420.  430 


Lucent1 

Partner 
Legend 
Definity 
System  25 
System  75 


Coxxer  Mountain 
Dell 
EMC 

Extreme  Networks 
FORE/Marconi 
Foundry 
HP  Networks 
Junyres 

Lucent  Technologies 
Nortel 
Octel 
Polycom 
Riverstone 
Sycamore 


Octel/VMX 

Branch 
Branch  XP 
Aspen 
Maxum 
Sierra 
Overture 
VMXIOO 
VMX200 
VMX300 


3  Com 

ADC  Kentros 
ADIC 
ADTRAN 
AIRonet 
Arrow  Point 
Ascend 
Ayava 

Bay  Networks 
Breezecom 
Brocade 
Carrier  access 
Ciena 

Cisco  systems 


Octel/VMX 

Lucent 

Nortel 

Rolm 

Mitel 

Solid  State 
Cortelco 
Aspect 
Fujitsu 
Intecom 


Fujitsu'"'  9600 

Systems  Parts 
DT12DS 
DT24 
B16  DLC 
DTI  2  DS  tel 
FT  2  4 

Cortelco/Eon 

EQ/Enterprise,  Cortelco/Solid  State 
Cards,  Parts  Upgrades 
SR224  -  Station  Cards,  T-I’s  PRI’s 
SRIOOO  -  Full  Systems,  ACD  s/PBX  s 
DSP’s  -  Carriers,  Power  Supplies 


Rolm® 

9200’s,  9751 ’s, 
Siemens,  Saturn 
Classic  Phones 
120,240.  400 
600  series  phones 


Toshiba® 

Strata  A 

Perception 
DK  Series  W 
2010,  2020  Tel. 

Nortel® 

Norstar 
Meridian 
2008,  2616  Tel. 
7208,  7310,  7324 


Superset  4025  DK 

Superset  420  LT,  DK 

Superset  4 

Phone400 

624SL 

240EH 


Fujitsu 


Rolm 


Cisco  Sysihus 


AVAyA® 


WANT  AN  EXCELLENT  PARTNER  FOR  YOUR  SECONDARY  TELECOMMUNICATIONS? 

LIGAS  ENTERPRISES  INC.  HAS  25  YEARS  EXPERIENCE  IN  THE  OFFICE/TELECOM  BUSINESS,  BUYING, 
SELUNG,  EXPORTING,  TRADING  AND  JOINT  VENTURING  MOST  MAJOR  PBX.s  &  VOICEMAIL 


A  TELECOM  ASSET  MANAGEMENT  CO 


“QUICK  QUOTES”  For  Competitive  Pricing  1-800-366-2087 
Add  up  to  5  years  longevity  to  your  equipment 


J  SERVERS • H 

JETWORKING  • 

EMC  STORAGE  *1 

*  ,  /  ;? 

.-  »  '*i  ■ 

*cs 

ay.,  jsy ,  Tar  f 9  a  MU  11 

Vivendi  Universal  Net  USA  Group, 

MP3.com,  In 

Thurs.,  March  10  &  11  AT  1( 

4780  &  4790  Eastgate  Mall,  San  Diego  (La  Jolla) 


Wed 


(PSD 


Inspection:  Mon.  &  Tues.,  March  8  &  9,  9:00AM-  5:00PM 


Complete  100,000  sq.  ft.  facility.  1 00s  of  Servers  •  Clarion  EMC  Storage  •  1 00s  of  PCs,  Notebooks,  Printers  •  Office  Furniture 
including  Herman  Miller  Aeron  Chairs,  Conference  Rooms  •  Contemporary  Reception  &  Breakroom  Furniture  •  Recording 
Rooms:  Digital  Audio  /Video  Production  &  Editing  Equip.  •  Complete  10,000  Sq.FtGym  Facility  •  Lockers,  Massage  Tables  &  More 
•  Game  Room  Equip.:  Vintage  For  More  Information  and  to  View  Inventory  Visit  us  at: 

Arcade  Games,  Foosball,  Ping 
Pong,  Billards  •  Artwork  • 

Collectables  &  Musical  - i,m« /py trffP1  f 1  y.1^ 'f 1 1'Tr'iWri1  T TiT^1  nffnvrtfiTTT’f  QQQ  0  7C  CAf  n 

Instruments*  &  more...  O00"&/  JUIJ1 


ror  more  mrormanon  ana  to  view  inventory  visit  us  ai: 

wwwXowanAkxander.com 
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Advertising  Supplement 


IT  Careers  in  the  Philadelphia  Corridor 


If  business  leaders  in  Pennsylvania  have  their  way,  the 
area  will  become  a  high  tech  hub  of  activity  built  on 
the  backbone  of  higher  education  institutions  such  as 
Carnegie  Mellon,  University  of  Pennsylvania,  Penn  State, 
Drexel,  Temple  and  Lehigh,  allowing  the  state  and  region  to 
forecast  IT-related  job  growth  at  12,500  positions  per  year. 
When  paired  with  the  state  of  Pennsylvania's  Innovation 
Zone  program  designed  to  develop  workforce  and  job 
opportunity,  the  equation  is  designed  to  bring  in  high-end 
IT  jobs. 

The  demand  is  for  a  full  range  of  skills  related  to 
application,  software  and  network  development, 
computing  support,  and  data  analysis  and  management. 
Innovation  Philadelphia  also  predicts  new  IT  jobs  in 
bioinformatics. 

Richard  Overmeyer,  program  manager  for  the 
Pennsylvania  Department  of  Economic  Development,  says 
the  Philadelphia  area  already  hosts  a  number  of  companies 
in  the  high  tech  field  "providing  high  tech  professionals 
with  a  number  of  companies  to  choose  from  without 
relocating."  Overmeyer  says  growth  is  forecast  in  a  number 
of  critical  demand  areas,  including  biotechnology,  cyber 
security,  homeland  security  and  biotechnology. 

Among  the  big  companies  are  SAP,  Unisys,  Level3, 
Comcast,  Immunicon,  Lockheed  Martin,  and  Cephalon  Inc. 
Cephalon  is  adding  200,000  square  feet  of  office  space  and 
is  planning  to  build  a  new  headquarters  campus  in 
southeastern  Pennsylvania.  Another  biotech  start-up, 
Protalex  Inc.,  recently  announced  its  move  from 


deals  in  a  given  space,  and  our  indicators  point  to  a  strong 
market  for  IT  professionals  in  the  Philadelphia  area." 


Albuquerque  and  San  Francisco  to  the  area  to  be  closer  to 
the  growing  biotech  community.  IPR  Intelligence  is  a  start¬ 
up  with  1 5  employees  providing  backup  and  recovery  for 
IT  systems. 


IPR,  Liquid  Hub  and  Protalex  are  among  what 
Innovation  Pennsylvania  president  Richard  Bendis  calls 
"gazelles"  -  fast  growth  companies  that  offer  IT 
professionals  new  opportunities.  "We've  had  some  major 
growth  spurts  recently,"  says  Bendis,  pointing  to  Lockheed 
Martin  Management  &  Data  Systems'  addition  of  more 
than  3,000  jobs  in  the  past  two  years.  "Wages  are  strong 
and  are  in  public  and  privately  held  companies  that  are  in 
specialized  or  niche  areas  that  add  a  high  value,"  he  adds. 

Bendis  says  that  the  most  recent  study  shows  there  are 
442,000  high  tech  jobs  in  the  state.  "That  number 
represents  7.2%  of  all  the  jobs  found  in  Pennsylvania,  a 
relatively  high  number,"  he  says.  With  a  2.5%  annual 
growth  rate  in  high  tech  jobs,  he  expects  the  region  to 
gain  a  significant  share  of  start-up  activity.  Innovation 
Philadelphia  data  shows  that  venture  capital 
investment  for  software  and  services,  connectivity,  biotech, 
healthcare  software  and  information,  and  e-commerce 
totaled  more  than  $251  million  in  2002. 


Overmeyer  says  that  while  Pennsylvania  has  more  than 
14,000  businesses  with  keen  focus  on  information 
technology,  the  number  and  projections  don't  include  early 
stage  growth  or  the  state  angel  fund  program  for  startups. 
"We  listen  for  the  buzz  and  watch  how  many  business 
plans  are  being  shopped  in  a  region  and  the  number  of 


For  more  information  about  IT  Careers  advertising, 

please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


SENIOR  SOFTWARE  ENGI¬ 
NEER  to  design,  develop  and 
integrate  web  based  and 
Windows  based  systems  soft¬ 
ware  using  Microsoft  .Net  plat¬ 
form.  Sun  Java,  SQL  Server, 
ActiveX.  COM/DCOM+  compo¬ 
nents,  HTML/DHTML  and  XML; 
integrate  software  for  provision¬ 
ing  and  diagnosis  with  DHCP 
servers,  routers,  network  switch¬ 
es  and  CMTS  systems  of  net¬ 
works;  perform  system  adminis¬ 
tration;  design,  develop,  ana¬ 
lyze,  test  and  configure  web 
servers  using  Microsoft  DNA 
and  Net  technologies;  develop 
legacy  systems  on  AS/400. 
Require:  Bachelor  (or  equiva¬ 
lent)  with  major  in  Computer 
Science/Information  Systems 
and  five  years  experience  in  the 
job  offered  or  any  experience 
providing  skills  in  the  described 
duties.  Competitive  salary  and 
benefits,  40-hours/week.  Apply 
with  resume  to:  Controller, 
ServiceCentral  Technologies, 
Inc.,  817  W.  Peachtree  Street. 
Suite  400,  Atlanta,  GA  30308. 


Programmers,  Software  Engin¬ 
eers  &  DBAs:  (a)  Design,  devel¬ 
op,  upgrade  &  maintain  complex 
database  in  Sybase,  SQL 
Server,  Oracle,  Sybase  Rep 
Server.  SQL  Server  2000, 
Oracle  9i,  Oracle  &  SQL  Server 
Enterprise  Manager,  ErWin, 
ANSI  SQL.  TSQL  &  other  rel. 
tech.;  (b)  Analyze,  design, 
develop  &  maintain  specialized 
software  apps.  in  Oracle 
Financial  Services  Applications 
Suite  including  Oracle 
Discoverer,  Financial  Analyzer. 
Sales  Analyzer.  Express  Server 
(OLAP)  &  Warehouse  Builder, 
AIM,  Cobol,  Dbase,  FoxBase  & 
other  rel.  tech  Prevailing 
wage/benefits.  Send  resume  to 
Attn:  HR.  3651  Peachtree 
Pkwy.,  Suite  E370,  Suwanee, 
GA  30024.  EOE. 


Principal  Engineer  -  Software 

Design/develop  info  mgmt  sys¬ 
tems  for  use  w/medical  diagnos¬ 
tics  devices.  Utilize  Object  ori¬ 
ented  design  &  programming,  n- 
tier  architectures,  UML,  MS 
Foundation.  Visual  C++,  SQLK 
Server.  Lead  software  architec¬ 
tural  definition.  Conduct  proof  of 
concepts.  Define  code  dvlpmnt 
processes.  Create  user  interface 
&  detailed  software  component 
designs  from  functional  require¬ 
ments.  Construct  &  unit  test  soft¬ 
ware  components.  Integrate 
components  to  build  product. 
Must  be  willing  to  travel  to  pro¬ 
ject  sites  throughout  the  U.S.  on 
short-  or  long-term  assignments. 
Must  have  BS  or  foreign  equiva¬ 
lent  in  Comp  Sci,  Computer  or 
Electrical  Eng  +  4  yrs  exp  in  job 
offered  or  software  engr  &/or 
programmer/analyst.  8am-5pm, 
M-F.  Overtime  as  needed. 
$84,641/yr.  Reply  to  Job  Order 
#WEB  393222,  Site  Manager, 
Beaver  County  CareerLink, 
2103  Ninth  Ave,  Beaver  Falls, 
PA  15010-3957. 


PROGRAMMER/ANALYST  - 
Nashua,  NH.  Analyze,  design, 
program,  implement  &  support 
advanced  computer  applications 
utilizing  C#,  Visual  Basic,  VB 
Script,  ASP.  SQL  Server,  Oracle, 
Java,  Java  Script,  MAGIC  (7.0 
and  above)  under  UNIX  &/or 
Windows  operating  environment 
for  client/server  &/or  internet- 
related  applications.  Analyze  & 
synthesize  business  req.  review¬ 
ing  client's  existing  systems. 
Define  system  req.  &  interfaces, 
test  systems  for  compliance. 
Responsible  for  system  installa¬ 
tion  &  integration  of  middleware 
COM  +  components  w/web 
application  running  under  IIS. 
Req.  Bachelors  in  Comp.  Sci., 
MIS.  or  Comp.  Engineering  plus 
1  yr  exp.  Contact:  International 
Systems  Technologies,  Inc., 
1812  Front  Street,  Scotch 
Plains,  NJ  07076. 


Senior  Software  Engineer 

Design  new  info  mgmt  products 
to  manage  device  data  &  clinical 
results  from  diagnostic  analyz¬ 
ers.  Use  MS  technologies,  SQL 
Server,  NET  framework  & 
Rational  Technologies:  UML, 
XDE,  Requisite  Pro,  Crystal 
Reports.  Develop  detailed  soft¬ 
ware  designs  from  architectural 
documentation.  Implement  soft¬ 
ware  designs  in  code.  Develop 
multilanguage  software.  Create 
user  interface  software  designs 
from  Use  Cases.  Must  be  willing 
to  travel  to  project  sites  through¬ 
out  US  on  short-  or  long-term 
assignments.  Must  have  BS  or 
foreign  equivalent  in  Comp  Sci, 
Mechanical  or  Electrical  Eng  +  4 
yrs  exp  in  job  offered  or  software 
engr  &/or  software  developer. 
8am-5pm,  M-F.  Overtime  as 
needed.  $80,000/yr.  Reply  to 
Job  Order  #WEB  393799. 
Fayette  County  CareerLink, 
Attn:  CareerLink  Program  Sup¬ 
ervisor,  135  Waylan  Smith  Dr, 
Uniontown,  PA  15401. 


PROGRAMMER/ANALYST  - 
Nashua,  NH.  Analyze,  design, 
program,  implement  &  support 
advanced  comp,  applications 
utilizing  Java-based  CORBA, 
Swing.  Java,  Java  Script,  XML, 
HTML,  Weblogic  application 
server  under  UNIX  &/or 
Windows  operating  environment 
for  client/server  8,/or  internet- 
related  applications.  Respon¬ 
sible  for  migration  issues  such 
as  conversions  fr.  BOA-based 
CORBA  to  POA-based  CORBA 
&  integration  of  enterprise  sys¬ 
tems  &  legacy  systems.  Analyze 
&  synthesize  business  req. 
reviewing  client's  existing  sys¬ 
tems.  Define  system  req.  & 
interfaces,  test  systems  for  com¬ 
pliance.  Req.  Bachelors  in 
Comp.  Sci.,  MIS,  or  Engineering 
(any  field)  plus  1  yr  exp. 
Contact:  International  Systems 
Technologies,  Inc.,  1812  Front 
Street,  Scotch  Plains,  NJ  07076. 


SR.  VISUAL  BASIC 
CONSULTANT 

Analyzes  &  evaluates  existing  or 
proposed  software  sys.  Dvlps, 
implmnts  &  improves  programs, 
sys.  &  related  procedures  to  pro¬ 
cess  data  using  in-depth  knowl¬ 
edge  of  the  software  dvlpmnt  life 
cycle.  Encodes,  tests,  debugs  & 
installs  operating  progs.  &  other 
sys.  software  utilizing  advanced 
knowledge  of  Vis.  Basic  prog, 
tools.  Bach,  degree  (or  equiv.)  in 
Comp.  Sci..  Math,  Engnrg,  Bus. 
or  Commerce  +  3  yrs  exp.  in 
position  offered  or  as  a  Software 
Engnr,  Prog.  Analyst  or  Sys. 
Analyst  reqd.  Exp.  must  incl:  (1) 
Oper.  Sys:  Windows  or  UNIX; 
(2)  Prog.  Langs:  Vis.  Basic,  ASP 
&  XML;  &  (3)  Dbases:  Oracle  or 
Sybase  or  SQL  Server.  High 
mobility  preferred.  40  hrs/wk, 
8am  -  5pm,  $66,730/yr.  Quali¬ 
fied  applicants  submit  resume 
to:  Mon  Valley  Regional  Career- 
Link,  Attn:  Actg.  CL  Program 
Supervisor,  Donora  Industrial 
Park,  570  Galiffa  Drive,  Donora, 
PA  15033.  Please  refer  to  Job 
Order  No.  WEB  393214. 


Programmer  Analyst,  multiple 
positions,  to  program,  analyze, 
test,  troubleshoot  and  develop 
real  time  web-based  financial 
business  system  application 
software  installed  in  a  distributed 
client  server  environment  includ¬ 
ing  MS  SQL  Server  2000  and 
MS  IIS  5.0  and  insures  imple¬ 
mentation  in  an  intra/internet 
environment.  May  use  tools  and 
technologies  such  as  VB.NET, 
ADO.NET,  XML  WEB  SER¬ 
VICES,  ASP,  T-SQL,  VB  Script, 
HTML,  MTS.  or  Erwin  as  dictat¬ 
ed  by  particular  project  assign¬ 
ments.  Requires  Bachelor's 
Degree  in  Computer  Science. 
Computer  Engineering,  or  Com¬ 
puter  Science  and  Engineering 
and  one  year  direct  experience. 
Work  location:  Various  unantici¬ 
pated  client  sites.  Send  resumes 
only,  no  calls,  to:  Genome 
International  Corporation,  583 
D'Onofrio  Drive,  Madison,  Wl 
53719. 


SYSTEMS  SOFTWARE  ENGI¬ 
NEER  to  provide  on-site  consul¬ 
tancy  to  analyze,  design,  devel¬ 
op,  implement  and  modify  sys¬ 
tems  software  in  client/server 
and  web  architecture  using  JSP, 
Servlets,  RDBMS,  Oracle, 
WebSphere,  AIX  UNIX,  QMS, 
Visual  Fox  Pro,  Java,  HTML, 
VSAM,  CICS,  VC++,  C++.  VB¬ 
Script,  XML,  HTTP,  WebMeth- 
ods  and  SQL  Server  in  Unix  and 
Windows  environment.  Require: 
Bachelor's  in  Electronics  Engin¬ 
eering/Computer  Science/En¬ 
gineering  and  four  years  experi¬ 
ence  in  the  job  offered  or  any 
experience  providing  skills  in  the 
described  job  duties.  40%  travel 
to  client  sites  within  the  United 
States  required.  Salary:  $68,000 
per  year,  40-hours/week,  8:30 
am  to  5:30  pm.  Apply  with 
resume  to:  Human  Resource 
Manager,  4C  Solutions,  Inc., 
1201  7th  Street,  East  Moline,  IL 
61244. 


Programmer  Analyst.  Sought  by 
Englewood  Colorado  consulting 
company  to  work  in  various 
unanticipated  locations  through¬ 
out  the  U.S.  Duties:  Under  direct 
supervision,  convert  project 
specifications  and  statements  of 
problems  and  procedures  into 
detailed  logical  flow  charts  for 
coding  into  computer  language. 
Develop  and  write  computer 
programs  to  store,  locate  and 
retrieve  specific  documents, 
data,  and  information  Program 
web  sites.  Use  of  HTML,  Java, 
SAP.  Windows  NT.  SQL  Server 
and  DB2.  Reqs.  Bachelor  or 
equivalent  in  Computer  Science. 
Computer  Engineering  or  relat¬ 
ed  field  of  study.  $44, 678/year, 
40/hrs/wk,  8AM-5PM.  Respond 
by  resume  to  EMPLOYMENT 
PROGRAMS,  PO  Box  46547, 
Denver,  CO  80202,  and  refer  to 
Job  Order  No.  C05067250. 


Database  Administrator.  Sought 
by  Englewood  Colorado  consult¬ 
ing  company  to  work  in  various 
unanticipated  locations  through¬ 
out  the  U.S.  Duties:  Coordinate 
changes  to  computer  databas¬ 
es,  test  and  implement  the  data¬ 
base  applying  knowledge  of  da¬ 
tabase  management  systems. 
Plan,  coordinate  and  implement 
security  measures  to  safeguard 
computer  databases.  Use  of 
Java,  Netscape,  HTML,  Oracle, 
iPlanet  Server,  Visual  Cafe  and 
Rational  Rose.  Reqs.  Master  or 
equivalent  in  Computer  Science, 
Computer  Engineering,  Soft¬ 
ware  Engineering,  Engineering 
(any  field).  $65,000/year,  40/hrs/ 
wk,  8AM-5PM.  Respond  by  res¬ 
ume  to  WORKFORCE  DEVEL¬ 
OPMENT  PROGRAMS,  PO  Box 
46547,  Denver.  CO  80202,  and 
refer  to  Job  Order  No. 
CO5067253. 


Director  to  learn  client's  tech, 
reqs.,  develop  custom  solutions, 
proposals,  presentations,  price 
negotiations,  PM,  QA/QC;  strike 
partnerships  with  clients  for  soft¬ 
ware  development  and  consult¬ 
ing  outsourcing;  build  sales 
team  for  targeting  industry  verti¬ 
cals;  evaluate  offshore  develop¬ 
ment  model;  responsible  for  all 
sales  efforts  including  market¬ 
ing.  sales,  and  contracts;  super¬ 
vise  sales  staff;  operate  BPO 
Global  Sales  Unit.  BS  in  Science 
or  equivalent  +  5  yrs.  of  exp.  in 
Marketing/BD/Sales  +  1  yr.  of 
work  exp  w/  Ebix  ASP  & 
eGlobal.  In  lieu  of  BS.  6  yrs.  of 
IT  exp.  in  Marketing/BD/Sales. 
Comp  salary  at  prev.  wages. 
Apply:  HR,  EBIX.  5  Concourse 
Parkway,  #  3200,  Atlanta,  GA 
30328  with  proof  of  permanent 
work  authorization. 
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itcareers.com  is  the  place  where 
your  fellow  readers  are  getting  a 
jump  on  even  more  of  the  world's 
best  jobs.  Now  combined  with 
CareerJournal.com,  you  have  more 
jobs  to  choose  from.  Check  us  out 
at:  www.itcareers.com  or  call: 

(800)  762-2977 


WebMethods  -  EAI  &  B2B 
Certified  Programmer/Analysts: 
Analyze,  design,  develop,  test, 
implement  &  administer  special¬ 
ized  web  apps.  including  e-pro¬ 
curement  8  supply-chain  solu¬ 
tions  in  Web  Methods  4.6  and 
6.0.1.  8  Java  suites.  JDE  One 
World/SAP  Adapter,  Oracle,  MS- 
SQL,  Rational  tools,  EDIINT 
(AS2),  RNIF  1.1  Web/Apps.  on 
Servers  (WebLogic,  Net  dynam¬ 
ics,  Apache  -  Tomcat,  Jboss)  in 
various  OS.  Send  resume  to 
Attn:  Position  101/2004,  66 
Perimeter  Center  East,  Ste.  600, 
Atlanta,  GA  30346.  EOE. 


Solution  Architect  wanted  for 
computer  s/w  and  related 
prof,  services  co.  Requires 
M.S.  in  C.S.,  E.E.  or  related 
engg.  or  tech,  field  plus  3  yrs. 
exp.  with  Jyacc  Jam/Prolifics, 
Scribe  SQR,  Oracle  PL/SQL, 
IBM  Web  Development  Tools, 
multiplatform  Windows/Unix 
env.  Send  resume  to  H  R. 
Dept.,  ViryaNet,  Inc.,  2  Willow 
Street,  Southborough,  MA 
01745. 


Wide  Area  Network  Admin¬ 
istrator.  Min.  Bachelor's  Degree 
in  IT/Engineering/related  field, 
and  2  yrs  exp.  in  IT  position. 
Design,  maintain,  and  trou¬ 
bleshoot  networks  b/w  central 
and  remote  satellite  centers, 
incl.  high-speed  voice,  video, 
voice  and  data  networks  specific 
for  TeleMedicine  purposes,  and 
Medical  Digital  imaging  trans¬ 
mission  systems.  Must  have 
familiarity  with  international  busi¬ 
ness  procedures.  40  hrs/wk, 
9AM-6PM.  Competitive  salary. 
Send  resume  to:  Grove  Dental 
Clinic,  ATTN:  HR,  3400  Payne 
St..  Ste.  101,  Falls  Church,  VA 
22041. 


Systems  Analysts:  Design/ 
develop  accntng./financial 
apps.  conforming  with 
FASB  in  Oracle  Financials 
Suite,  Oracle  RDBMS  & 
related  tools,  Forms, 
Reports,  MS  SQL,  Dev¬ 
eloper/Discoverer,  Lotus 
Notes  in  various  OS.  Travel 
to  client  sites.  Send  Re¬ 
sume  to  3100  Breckinridge 
Blvd.,  Suite  100,  Duluth,  GA 
30096.  EOE. 


Software  Engineers  for  Naper¬ 
ville,  IL  office.  Develop  Software 
applications  using  ASP.  XML, 
UML,  Coolgen,  Interwoven, 
DB2,  JCL,  Rational/Mercury 
testing  tools.  Clear  Case, 
Oracle,  AOL,  Developer  2000, 
Designer  2000.  Bachelors  or 
Equivalent  req'd  in  Computers, 
Math,  Engineering  or  related 
field  of  study  +  1  yr  of  related 
exp.  40  hrs/wk.  Must  have  legal 
authority  to  work  permanently  in 
the  US.  Send  resume  to  HR 
Manager,  TDK  Solutions,  LLC, 
48383  Fremont  Blvd,  Ste  118, 
Fremont.  CA  94538. 


Programmer  Analyst  needed 
with  the  following  technical 
skills:  VB  NET,  Visual  Basic. 
ADO.NET,  Web  Services. 
SOAP,  ASP  (VB  Script,  JAVA 
Script),  Visual  InterDev,  HTML, 
DHTML,  SQL  Server.  Crystal 
Reports,  Windows  NT,  Windows 
2000,  Data  Modeling,  Erwin 
Reqmts:  w/2  yrs.  exp.  Mail 
resume  to:  Kaltech  International 
Corporation,  3965  Stone  Village 
Court,  Duluth,  GA  30097,  EOE. 


IT  Professionals  needed. 
Bristol,  PA  company  is 
seeking  qualified  candi¬ 
dates  for  several  senior  and 
mid-level  positions  includ¬ 
ing:  Software  Engineers, 
Programmer  Analysts.  Re¬ 
quires  MS/BS  or  equivalent 
and/or  rel.  work  exp.  Email 
res.,  ref.  &  sal.  req.  to: 
hrd@svstemsDeoDle.com. 


Sr.  Project  Mgr  sought  by 
Engg  servs  consulting  Resp: 
project  mgmt  Telecom,  IT  & 
Security;  planning  &  acct 
dvlpmt,  project  team,  directing 
tech/support  personnel;  prop, 
creation  &  delivery,  coord'n 
pre-post-sales  &  operation. 
Req;  Bach  comp  sci,  MIS, 
Engg  (Systems,  Ind  or  rel 
field).  Exp.  Eng/Port/Span. 
Comp.  Sal.  Techno- 
Management,  Inc.,  4108 
Laguna  St,  Coral  Gables,  FL 
33146.  Fax:  (305)444-2008, 


Software  Engineer  (St.  Louis, 
MO):  Develop  large-scale  web 
appls.w/  OO  tech,  using  C/C++, 
J2EE  JSP.  Servlets,  EJB,  &  UML 
in  a  n-tier  client/server  on  W2K  / 
NT  /  Unix;  design  enterprise  ap- 
pls.  w/  J2EE  &  Struts  framework; 
formulate  tech,  specs  appls.in 
Websphere/Weblogic  Server  us¬ 
ing  XML,  SQL,  Oracle  &  Clear- 
quest,  and  interface  Oracle  to 
Java  appls.  thru  JDBC;  develop 
use  cases  and  client  side  GUI 
screen  w /  JBuilder  &  Java 
Script,  troubleshoot,  tune  and 
debug.  Require  BS  in  Comp. 
Sc./Comp.Engr.  w/  min.  3  yrs. 
exp.  Full-time.  Resume  to:  HR, 
TechnoSmarts,  Inc.  444  Chest¬ 
erfield  Cte.,  Ste.210,  St.  Louis. 
MO  63017.  NO  CALL/EOE 


PROGRAMMER  ANALYSTS 
for  Chicago,  IL  office.  Design  & 
Develop  software  applications 
using  Oracle,  C++,  Sybase, 
XML,  UML,  Interwoven,  Cool¬ 
gen.  ClearCase,  ClearQuest, 
Plumtree,  PVCS,  UNIX.  Bach¬ 
elors  or  Equivalent  req'd  in 
Computers,  Math,  Engineering 
or  related  field  of  study  +1  yrs 
of  related  exp.  40  hrs/wk.  Must 
have  legal  authority  to  work 
permanently  in  the  U.S.  Con¬ 
tact  HR  Manager,  Infobahn 
Softworld.lnc.  3140  De  La 
Cruz  Boulevard,  #108, 
Santadara,  CA  95054. 


Programmers  &  Software 
Engineers:  Analyze,  design, 
develop,  test  &  implement  spe¬ 
cialized  apps.  in  (a)  Business 
Objects  8  rel.  product  suite. 
Web  Intelligence,  Imformatica, 
PowerMart.  ASP,  VB,  Crystal 
Reports,  Oracle  8i  &  rel.  tools; 
(b)  PeopleSoft  Supply  Chain 
Mgmt.,  Financial  &  HRMS, 
Oracle  &  rel.  tech.:  (c)  SAS 
Suite,  Teradata,  Sybase, 
Informix,  Oracle  9i  &  rel.  tech.; 
(d)  WebSphere,  Peoplesoft 
HRMS,  Oracle  &  rel.  tools,  Java 
&  rel.  tech.;  (e)  MQ  series, 
WebSphere,  XML,  DB2.  Apache 
Server,  Clearcase,  Java  &  rel. 
tech.;  (f)  Vitria  Businessware, 
VisualCafe,  Weblogic,  C++, 
Sybase,  Java  &  rel.  tech.;  (g) 
Oracle,  ADSM,  SQL,  Ablnitio, 
Sybase,  Informix,  Rational 
Clearcase  and  rel.  tools;  (h) 
PeriphonicsProducer  &  other 
Periphonics  products  for  interac¬ 
tive  voice  response  systems, 
SCCS,  C/C++,  Oracle  8i  & 
Genesys  product  suite;  (i)  SAP- 
SEM,  SAP  R/3,  SAP  BW. 
ABAP/4,  SAP  (SD,  MM.  PP)  & 
rel.  tech;  (j)  Oracle,  SQL  Server, 
Cobol,  CICS,  DB2,  IMSDB/DC, 
TSL  &  rel.  tech.  Send  resume  to 
Software  Technical  Services, 
Inc.,  HR,  2021  Fox  Valley  Drive 
SW,  Rochester,  MN  55902, 
identifying  interested  position(s). 
EOE 


COMPUTER  PROFESSIONALS 

Opportunities  for: 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 

SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA.  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML. UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL.  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 

Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com  An 
Equal  Opportunity  Employer  M/F. 


Software  Engineers,  Prog¬ 
rammer  Analyst,  Systems 
Analyst,  need  for  NH  based  IT 
firm.  Will  need  Bach  +1  yr  exp 
for  Jr.  Level  positions  and 
Masters  +2  yrs  or  Bach  +  5  yrs 
of  exp  for  Sr.  Level  position. 
Various  skills  req:  Oracle,  DB2, 
Sybase,  MS  SQL  Server,  IIS, 
Informix,  C,  C++,  VC++,  C#. 
ASP.NET,  VB.NET,  ADO.NET, 
NET  Framework,  DHTML, 
MFC,  MTS,  ATL,  COM,  COM+, 
ASP,  VB,  J2EE,  Swing, 
JavaScript,  XML,  J  Beans, 
Applets,  RMI,  Corba.  Win  98/ 
2000/NT,  UNIX.  Dataware- 
house,  Business  Intelligence. 
Microstrategy,  Informatics, 
PL/SQL,  ETL,  Erwin.  Business 
Objects,  Cognos,  SAS.  ERP,  i2 
Supply  Chain  software,  i2 
Demand  Mgmt  software,  CRM 
(Siebel,  Peoplesoft.  Microsoft), 
Pro'C,  Peri.  OLAP,  UtranFilter, 
CASN,  ASN2C,  OOAD. 
ASN2PER,  MKPERFIL,  GSM, 
LCS,  WCDMA,  OSE,  TCP/IP. 
UDP/IP,  SS7,  3GPP,  SCM, 
Clearcase,  Rational  Tools. 
Autaomation  Testing  tools.  Apply 
with  2  copies  of  resume  to  H.R 
Dept,  Venteq,  Inc.,  15 
Constitution  Dr.,  Suite  144. 
Bedford,  NH  03110 


Retail  store  chain  is  looking  for 
two  Technical  Analyst  III  (Pro¬ 
grammer  Analysts)  w/job  duties 
that  include:  Primary  responsibil¬ 
ity  for  analysis  &  design  of  com¬ 
pany's  core  retail  applications 
while  providing  leadership  to 
lower  level  positions.  Respon¬ 
sible  for  technical  design  8  de¬ 
ployment  of  complex  retail  sys¬ 
tems.  Assist  in  all  phases  of  sys¬ 
tem  implementation  including 
design,  development,  testing  8 
support.  Work  effectively  w/cus- 
tomers  to  learn  specific  design 
req.  8  perform  analysis  8  design 
of  retail  applications  Analyze 
problems  8  prepare  functional 
workflow  diagrams  as  well  as  de¬ 
tailed  reqs.  of  program  specs. 
Successfully  dev.  8  execute  test 
plans  that  thoroughly  test  appli¬ 
cations  8  allow  for  quality  imple¬ 
mentations  of  new  or  modified 
applications  8  review  results. 
Work  w/mgmt  to  plan  8  justify 
system  enhancements.  Demon¬ 
strate  continuous  effort  to  im¬ 
prove  operations,  decrease  turn¬ 
around  times,  streamline  work 
processes  8  work  cooperatively 
8  jointly  to  provide  seamless 
customer  service.  Experience/ 
Education:  Bachelor's  degree  (or 
equivalent  based  on  combination 
of  education  and/or  work  experi¬ 
ence)  in  computer  science,  plus 
two  yrs  of  experience  in  job 
offered  OR  two  yrs  of  experience 
as  programmer  analyst  and/or 
systems  analyst.  Experience 
should  include  the  following  pro¬ 
gramming  languages  8  operat¬ 
ing  systems:  Oracle,  SQL,  PL/ 
SQL,  Unix,  8  Retek.  Job 
Location:  Matthews,  N.C.  Work 
Schedule:  40  hrs  per  wk/8:00  am 
to  5:00  pm/M-F.  Salary  range: 
$70,000  to  $90,000  per  year. 
Send  resume  to:  Employment 
Security  Commission;  500  W. 
Trade  Street;  Charlotte,  NC 
28202.  Resumes  MUST  include 
the  applicant's  Social  Security 
Number,  DOT  Code  030.162- 
014;  and  Job  Order  No 
NC2648417. 


Programmers,  Software 

Engineers  8  Network/System 
Administrators:  Analyze,  design, 
develop  8  test  apps.  in  (1)  MS 
tech.  including  ASP.NET, 
VB.NET.  C#  8  related  .NET 
tech.,  XML,  HTML,  ASP, 
VB/Java  Script,  COM/DCOM, 
SQL  Server.  Crystal  Reports, 
Visual  ActiveX,  BizTalk  8  rel. 
tools;  (2)  SAP  r/3,  ABAP /  4  pro¬ 
gramming  in  SAP  (BW.  SD,  MM, 
PP  8  FI/CO)  modules,  SAP 
Scripts,  EDI,  Mercator, 
WebSphere,  DB2,  Java  8  rel. 
tech.;  (3)  EDI,  HIPAA,  Cobol, 
Clarify,  SQL  Server,  Sybase, 
VB,  DB2,  Oracle,  Java,  VB  8  rel 
tech.;  (4)  AB-lnitio,  Teradata, 
Clarify,  Oracle,  Toad,  Unix 
Shell/Perl  Scripts  8  rel.  tech.;  (5) 
System  design,  install,  network 
8  administer  AIX,  Solaris  8  NT 
based  servers:  (a)  Apache  Web, 
Websphere  App.,  Veritas 
NetBackup,  Oracle,  MQSeries, 
iPlanet,  Bourne,  Korn,  TCP/IP. 
DB2,  Java.  C,  C++,  BigBrother, 
HumminBird,  Netview  and  relat¬ 
ed  tech.;  (b)  TCP/IP,  SNMP  8 
other  network  protocols,  DHCP, 
DNS,  VPN,  Exchange,  SMS. 
Microsoft  Windows/Sun/Linux 
OS  Versions.  Compaq,  Dell,  IBM 
Enterprise/Proxy  Terminal 
Servers  -  [CCNP  8  MCSE 
required];  Send  resume  to  HR, 
1278  Killian  Knoll  Circie.  Lilburn, 
GA  30047,  identifying  interested 
position(s).  EOE 


Software  Developer 

Design,  develop  and  implement 
customized  software  solutions 
based  on  a  client's  need  and 
business  environment.  Must 
have  Bachelors  Degree  in  Com¬ 
puter  Science  or  in  a  related 
field  8  2  yrs.  exp  or  2yrs.  exp  in 
a  related  position  w/ability  to 
use:  Oracle,  Oracle  Discoverer. 
Developer  2000,  Oracle  Finan¬ 
cial  Analyzer,  Oracle  Sales 
Analyzer  and  Oracle  Applica¬ 
tions  11i  (Techno  Functional), 
Workflow,  Ingres  and  COBOL. 
40.0  hrs./wk  8:00  AM  6:00 
PM  Applicants  send  cover  let¬ 
ter  and  resume  to  Cyber  Korp, 
lnc.,400  West  Lake  Street,  Suite 
216,  Roselle  IL  60172-3572, 
Attn:  HR  MGR 
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NETWORK  ANALYST  Monitor 
and  measure  the  data  network 
performance  and  assets  on  all 
maintenance  issues.  Respon- 
ssible  for  overall  frame  relay  net¬ 
work  performance  and  mainte¬ 
nance  Monitor  and  administer 
the  LAN/WAN  performance 
reporting  tools.  Provide  recom¬ 
mendations  on  system  upgrades 
based  on  performance  stan¬ 
dards.  Utilize  the  Project 
Methodology  within  all  phases  of 
work.  Prepare  required  state¬ 
ment  of  work,  project  work 
plans,  status  reports,  variance 
reports  in  accordance  with  the 
AgFirst  System  Development 
Life  Cycle  for  approved/ 
assigned  projects  and  update 
through  the  project  for  project 
monitoring/reporting.  Participate 
in  the  development  of  written 
procedures  to  support  network 
monitoring  and  maintenance. 
Provide  technical  assistance  to 
all  Lead  and  Senior  Network 
Analysts.  Require:  Bachelor’s 
degree  or  foreign  degree  equiv¬ 
alent  in  Computer  Science,  MIS, 
or  a  closely  related  field,  plus  2 
years  in  the  job  offered  or  as  a 
Network  Administrator/Web  Lab 
Manager  In  lieu  of  Bachelor's 
degree  and  2  years  of  experi¬ 
ence,  a  Master's  degree  in 
Computer  Science  will  be 
accepted.  Experience  gained 
before,  during  and  after  degree 
will  be  accepted.  Must  have 
CCNA  certification.  Send 
resume  to:  Recruiter-Human 
Resources,  AgFirst  Farm  Credit 
Bank,  P.O.  Box  1499,  Columbia, 
SC  29202.  (No  Phone  Calls 
Please) 


Software  Engineers  &  Prog¬ 
rammers:  (1)  Analyze,  design, 
develop,  implement,  test  &  sup¬ 
port  software  specialized  apps. 
in  Client  -  Server  &  AS400  [J2EE 
&  related  tech.,  Rational  Rose, 
RMI,  CORBA,  Iona  Orbix, 
Weblogic  Server,  XSL,  Oracle  & 
related  tools,  CL  400,  RPG  400, 
DB2  400).  (2)  Analyze,  design, 
develop,  test  &  support  middle¬ 
ware  &  front  end  web  based  and 
back  end  apps.  in  J2EE  &  relat¬ 
ed  tech.,  C++,  Weblogic,  IIS, 
Iplanet,  NetScape  Enterprise  & 
Borland  Apps.  Servers.  Send 
Resume  to  attn:  HR,  3761 
Venture  Dr.,  Bldg.  100,  Suite 
240,  Duluth,  GA  30096. 


Paradigm  Infotech  is  looking  for 
programmer/system  analysts, 
DBA,  s/w  engineers.  Candidate 
must  have  BS  with  minimum  1- 
yr  IT  experience.  Good  skills  in 
C/C++,  Java,  Oracle,  WebLogic, 
VB,  HTML,  ERP  are  plus. 
Traveling  is  required.  Apply 
iobs@Daradiaminfotech.com. 

EOE. 

Software  Engineer  wanted  by 
Nuventive  to  develop  Java  Code 
(JSP,  Beans,  Classes),  Write 
SQL  (ANSI  SQL,  Transact  SQL, 
PL  /  SQL)  to  access  MS  SQL 
Server  7.0  &  Oracle  9i.  Min  BS 
with  5-yr  exp.  2yr  using  Oracle 
8.0,  lyr  Sun  One  Tech,  Apache 
Tomcat,  iPlanet  Application  serv¬ 
er.  Contact  hr@nuventive.com. 
EOE. 


Security  Operations  Center 
Director  sought  by  managed 
services  provider  in  Broomfield, 
CO  to  work  in  Broomfield  and 
other  unanticipated  job  sites  in 
the  U.S.  Plans,  coordinates,  and 
implements  measures  in  com¬ 
puter  security  operations  center 
to  safeguard  information  in  com¬ 
puter  system  networks  to  protect 
against  accidental  or  unautho¬ 
rized  modification,  destruction, 
or  disclosure.  Plans  and  imple¬ 
ments  data  security  at  various 
levels  including  system  (UNIX 
tools),  network  (firewalls, 
routers,  packet  filters),  physical 
(biometrics,  access  cards)  and 
application  levels  (encryption, 
public  keys).  Reviews  plans  to 
ensure  compatibility  of  planned 
security  measures  with  estab¬ 
lished  computer  security  system 
software.  Directs  and  coordi¬ 
nates  operations  of  security 
operations  center.  Develops 
and  writes  computer  security 
operations  center  policies  and 
procedures.  Requires  bachelor's 
in  computer  science;one  year 
exp.  planning  and  implementing 
data  security  at  various  levels 
including  system  (UNIX  tools), 
network  (firewalls,  routers,  pack¬ 
et  filters),  physical  (biometric, 
access  cards)  and  application 
levels  (encryption,  public 
keys).M-F;  8am  -  5pm; 
$120,000/yr.  Respond  by 
resume  to  Employment 
Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  CO5059626. 


Symphony  Corp.,  head¬ 
quartered  in  Madison,  Wl 
seeking  candidates  for  mid 
&  senior  level  positions: 
Software  Engineers,  Pro¬ 
grammer  Analysts,  Project 
Managers  and  Quality 
Assurance  Technicians. 
Forward  resume,  refer¬ 
ences  &  salary  require¬ 
ments  to:  Symphony,  HR 
Dept.,  608-294-9321  or 
email  to  info@svmphonv.cc. 


Verification  Engineer  -  Perform 
product  testing  requirements 
analysis,  develop  test  plans, 
generate  test  cases,  automate 
testing  procedures  &  conduct 
wireless  product  testing. 
Implement  applications  for 
telecommunications  providers 
using  Java,  2EE,  C++  &  internet 
technologies.  Bach's  deg  in 
Comp  Sci,  Physics  or  Elec 
Engrg  reqd  +  4  yrs  exp  in  job. 
Send  resume  to  Panasonic 
Mobile,  1225  Northbrook  Pkwy, 
Suwanee,  GA  30024  Attn:  D. 
Greer,  RB. 


Retail  store  chain  is  looking  for 
an  Oracle  Developer  to:  Design 
&  code  applications,  forms  & 
reports  based  upon  pre-defined 
functional  reqs  &  high  level 
designs.  Responsible  for  appli¬ 
cation  &  report  design/develop¬ 
ment  in  a  Retek  (or  retail  appli¬ 
cation  e  g.  SAP)  environment. 
Perform  unit  testing  on  complet¬ 
ed  development  projects.  Re¬ 
sponsible  for  on-time  delivery  of 
quality  applications  that  meet  or 
exceed  customer  expectations. 
Work  closely  with  business  ana¬ 
lysts  in  a  team  development 
environment.  Apply  working 
knowledge  of  relational  databas¬ 
es,  programming  languages,  & 
operating  systems  including 
SQL,  SQL  Plus,  Pro*C,  PL/SQL, 
Oracle,  Visual  Basic,  Crystal 
Reports,  SQL  Server,  UNIX  & 
Windows  NT.  Experience/Edu¬ 
cation:  Bachelor's  degree  in 
computer  science  or  related 
field,  plus  two  yrs  of  experience 
in  job  offered  OR  two  yrs  of 
experience  as  programmer  ana¬ 
lyst.  Exper-ience  must  include 
experience  with  Developer  2000 
sufficient  to  perform  application 
development  in  Oracle  Appli¬ 
cations  (HR,  Finance,  &  Payroll) 
&  Retek  Applications  (Merchan¬ 
dising  &  Logistics).  Job  Loca¬ 
tion:  Matthews,  N.C.  Work  Sche¬ 
dule:  40  hours  per  week/8:00 
a.m.  to  5:00  p.m./M-F.  Salary 
Range:  $63,600  to  $85,000  per 
year.  Send  resume  to:  Employ¬ 
ment  Security  Commission:  500 
W.  Trade  Street;  Charlotte,  NC 
28202.  Resumes  MUST  include 
the  applicant's  Social  Security 
Number,  DOT  Code  030.062- 
010.  and  Job  Order  No. 
NC2648415. 


Programmer/Analyst  -  Analyze, 
design,  develop,  test,  support  8 
maintain  application  software 
using  VB,  ASP,  VSS.COM, 
DCOM  and  COM+.  Require: 
Bach.  deg.  (or  foreign  equiv.)  in 
Comp.  Sci.,  an  Engineering  dis¬ 
cipline,  or  closely  related  field, 
w'2  yrs  exp.  as  a  Prog/Analyst; 
Paid  travel  to  various  unantici¬ 
pated  client  sites  within  the  U.S. 
is  required.  8a-5p,  M-F.  Resume 
to:  Corp.  HR,  Systemtec,  Inc., 
246  Stoneridge  Dr.,  Suite  301, 
Columbia,  SC  29210. 


DBAs:  Design,  develop, 

upgrade,  maintain  and  adminis¬ 
trator  complex  databases  in 
Oracle,  Oracle  Apps.,  MS  SQL 
Server,  Oracle  8i,  Sun 
Enterprise  and  related  technolo¬ 
gies  on  various  OS  -  Linux,  Sun 
Solaris,  IBM  AIX,  etc.  Prevailing 
wage/benefits.  Send  resume  to 
Attn:  HR,  295  Henley  Place, 
Duluth,  GA  30097.  EOE. 


Senior/Lead  Test  (Software) 
Engineer:  Assist  QA  Manager  in 
conforming  to  object,  database, 
integration  &  system  quality  test 
standards;  Lead/participate  in 
testing,  incl.  integration,  system, 
performance,  stress,  regression 
&  acceptance  testing;  Dev.  test¬ 
ing  methods;  Write  Product 
Verification  Plan,  Detailed  Test 
Plan,  Test  Outlines  &  Test 
Cases;  Perform  req.  analysis; 
participate  in  technical  reviews; 
Determine  &  implement  tech¬ 
nologies  &  tools  for  QA;  Dev  & 
execute  test  scenarios,  test 
suites/scripts  &  other  artifacts  for 
performing  testing  activities; 
Track  all  paperwork  incl  testing 
results.  Maintain  files  for  out¬ 
lines/reports;  Test  Completion 
Report;  Test  Documentation 
Archival;  Ensure  proper/timely 
testing;  Lead/mentor  test  engi¬ 
neers;  Provide  guidance; 
Interface  w/Development  teams, 
customer  support,  &  client  per¬ 
sonnel;  Must  use  Test 
Automation  Tools,  Defect 
Tracking  Tools,  MSProject, 
MSExcel,  MSWord,  Java 
Programming  &  Java  Testing 
Experience,  incl  tools;  JUnit, 
Ant,  and  IDEs.  Must  have:  BS  in 
comp  sci,  math  or  rel.  field  &  4 
yrs  exp  in  job  or  as  Developer/ 
Programmer.  Principals  only. 
Respond  to  M.  Galloway,  HR 
Manager,  700  King  Farm  Blvd., 
Suite  400,  Rockville,  MD20850 
(Refer  to  Code:  RK). 


JUNIOR  SYSTEMS  ADMINIS- 
TRATOR-Financial  manage¬ 
ment  firm  seeks  Junior  Systems 
Administrator  for  its  250  nodes 
Linux  cluster  for  trading  pro¬ 
grams.  Duties  include  cluster 
administration  (building  Linux 
kernels,  building  packages,  log- 
file  analysis,  writing  automation 
scripts,  monitoring  nodes,  per¬ 
formance  tweaking  &  trou¬ 
bleshooting)  &  management  of 
in-house  support  infrastructure, 
including  daily  administration  of 
users  50PCs  and  250  Sun 
machines,  utilizing  UNIX. 
Backup  administration  using 
Legato  Networker  with  600+ 
tapes.  Bachelor's  degree  in 
Computer  Science  or 
Engineering  (any  field)  and  at 
least  6  month  experience 
required.  Salary  according  to 
experience.  Mail  resume  to 
RTC,  600  Route  25A,  East 
Setauket,  NY  11733,  Attn:  JR. 


Software  Engineer/Architect: 
Research,  dsgn  &  dvlp 
Client/Server  &  distributed 
applns  using  C/C++,  Java, 
VB,  Oracle,  Servlets,  DB 
Lib,  SQL  Svr,  DTS,  C  shell, 
CASE  tools  &  OOAD.  Dsgn 
&  dvlp  RDBs;  dvlp  SQL 
Scripts  &  stored  proc;  admin 
DB  servers.  Req  BS  or  equiv 
in  CS,  Comp  Inf  Sys,  Math 
or  rel  field  &  4  yrs  rel  exp. 
Job  in  Markham  IL  &  client 
sites.  Apply:  HR,  Pixel  Info 
Tech  Corp,  3300  W  159th  St, 
#  206,  Markham,  IL  60246. 


Computer  Analyst 

Heating  Oil  Partners,  L.P.  has  an 
immediate  opening  in  its  Darien, 
Connecticut  facility  for  a 
Computer  Analyst. 

Analyze  user  requirements,  pro¬ 
cedures  and  problems  to  auto¬ 
mate  and/or  improve  existing 
systems,  review  computer  sys¬ 
tem  capabilities,  workflow  and 
scheduling  limitations,  and 
design/write  program  specifica¬ 
tions. 

Must  possess  a  bachelor's 
degree  in  Computer  Science  or 
a  related  field  and  relevant  work 
experience  with  ASP,  Java, 
Applet,  Javascript,  VB  script, 
DHTML,  HTML,  database 
Connectivity,  Java  and  OO 
design.  Visual  Basic,  C  and 
SQL. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  CA  or  it  will  be  rejected. 

Forward  resume  to  Eileen  M. 
Pivar,  Manager,  Personnel  and 
Benefits,  Heating  Oil  Partners, 
L.P,  64  Oakland  Avenue,  East 
Hartford,  CT  06108. 


Network  Administrator/Engineer. 
Perform  network  admin.  Main¬ 
tain  services  on  TCP/IP  network 
including  FTP,  News,  DNS, 
SMPT  mail;  WWW  service, 
RADIUS  and  caching  service. 
Develop  tools  to  monitor  net¬ 
work  traffic  on  Unix,  Windows 
system.  Maintain  accounting 
SQL  server  on  Windows.  Install, 
support  new  system  software. 
Monitor  routers,  equipment  in¬ 
cluding  Cisco  and  Xyplex.  Must 
have  2  yrs.  college  in  Comp. 
Sci.,  Engg.  or  related,  including 
6  months  exp.  with  program¬ 
ming  using  C,  Unix,  Windows, 
SQL  Server,  TCP/IP  and  design¬ 
ing  and  maintaining  network 
equipment  including  Cisco. 
Send  resume  to  LISCO,  Attn: 
Ralph  Turner,  108  W.  Palm 
Drive.  Suite  208,  Fairfield,  IA 
52556. 


Field  Service  Engineers:  Install, 
maintain,  and  refurbish  high¬ 
speed  Imaging  systems;  Install, 
maintain  and  troubleshoot  hard¬ 
ware  and  software  as  well  as 
network  and  data  storage  de¬ 
vices  to  insure  connectivity.  Req. 
BS  or  equivalent  (based  on  edu¬ 
cation  or  work  experience  or 
both)  in  Mechanical  Engineering 
or  Electro-Mechanic  Engineer¬ 
ing  with  proficiency  with  Xerox 
DTI 35/61 35/61 80  and  4135/ 
4635  printers,  and  WAN/LAN 
TCP/IP  Ethernet,  Linux  FTP 
Storage.  Fiber  Gateway  Print 
Server.  40hr/wk,  8-5  and  shifts. 
Send  resume  to:  Service  Tech¬ 
nologies,  P.O.  Box  13136, 
Atlanta,  GA;  30324. 


Sr.  SAP  Consultant  (Prod¬ 
uction)  wanted  by  org.  in 
Hauppauge,  NY.  Req'd: 
Masters  (or  US  equiv.)  in 
Engg  Mgmt,  +  1  yr.  of  exp. 
w/SAP  R/3  incl.  SAP 
Variant  Conf.,  complex  pro¬ 
duction  processes/produc¬ 
tion  master  data.  Fluency  in 
German.  Fax  resume  to  F. 
Kurzendoerfer,  (631)  435- 
0069. 


itcareers.com 
can  solve  the 
labyrinth  of 
job  hunting  by 
matching  the 
right  IT  skills 
with  the  right 
IT  position. 
Find  out  more 

A 

at: 

www.itcareers.com 


IT  Education  &  Training 

Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


Directory 


To  place  your  ad  please  call  800-762-2977 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 


J 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 
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SaCkSpm  Mark  Gibbs 

Fighting  spam:  My  theory 


hanks  for  all  the  feedback  over 
the  last  two  weeks  about  fight¬ 
ing  spam  by  charging  postage 
for  e-mail.  It  seems  that  a  number  of 
you  fervently  believe  in  the  idea  as 
a  cure  and  are  willing  to  ignore 
what  seem  to  me  to  be  blindingly 
obvious  procedural  and  legal  prob¬ 
lems  with  the  idea. 

On  the  other  hand  one  reader  commented:  “OK, 
pay-per-send  is  wrong.  But  how  do  you  change  the 
economics  of  e-mail  to  discourage  spam?  The  solu¬ 
tion  has  to  be  economic  because  a)  technology 
can  only  try  to  keep  up  with  spammers  (never  get 
ahead), and  b)  laws  only  work  when  people  abide 
by  them. ...  So  how  do  we  change  the  economics 
of  e-mail  so  spammers  can’t  take  advantage  of  a 
system  that  places  all  the  charges  and  burdens  on 
the  recipients  and  not  the  senders?” 

While  a  workable  solution  must  have  an  eco¬ 
nomic  basis,  it  seems  to  me  (and  others)  that  the 
heart  of  the  problem  is  being  able  to  send  e-mail 
anonymously.  Without  much  effort,  a  message  origi¬ 
nator  can  pretend  to  be  whomever  he  pleases  by 
forging  message  headers. 

So  when  I  get  a  message  from  “A.  Reader”  I  have 
no  way  to  validate  the  sender’s  identity  except 
heuristically  (for  example,  if  he  refers  to  a  dialog 


we  had  been  conducting)  unless  he  provides  some 
kind  of  identity  certification. 

Now  if  I  can  verify  his  identity  and  he  spams  me,  I 
can  add  his  identity  to  a  black  list.  Should  he 
change  his  IP  address,  e-mail  platform,  whatever,  his 
identity  still  would  be  visible  and  therefore  I  can 
ignore  him  if  I  wish  —  something  that  is  not  possi¬ 
ble  with  a  simple  domain-based  black  list. 

If  I  can’t  verify  his  identity  then  either  he  is  my 
great  uncle  in  Peoria  who  just  doesn’t  get  the  whole 
identity  verification  thing  and  who  I  would  add  to 
my  white  list  anyway,  or  some  other  newbie  who 
isn’t  serious  about  his  e-mail.  1  make  the  choice  as 
to  whether  I  want  to  deal  with  these  people. 

Weak  verification  is  mostly  what  we  currently 
have.To  validate  your  message  I  have  to  make  what 
you  might  think  of  as  an  “out-of-band”  verification. 
For  example,  if  you  have  included  your  telephone 
number  or  1  know  it  from  other  exchanges  we’ve 
had  then  I  can  call  you  to  confirm  that  you  sent  the 
message.  But  this  is  obviously  not  a  good  method 
when  I  have  to  conduct  thousands  of  verifications 
and  the  majority  of  them  have  no  in-band  (verifi¬ 
able  origination  domain  address)  or  out-of-band 
reference  at  all. 

Strong  verification  is  what  you  get  when  you  sign 
a  message  using  a  digital  certificate  that  1  can  vali¬ 
date  with  a  trusted  third-party  certificate  authority 


The  existing  X.509  infrastructure  works  fine. 

In  the  brave  new  whirl  I’m  suggesting,  businesses 
would  issue  certificates  for  each  employee  who  has 
a  mailbox.You  could  have  a  corporate  mail  server 
sign  messages  on  behalf  of  valid  senders  instead  of 
letting  staff  actually  “have”  their  own  certificate. 

Consumers  could  buy  a  certificate  or  get  a  certifi¬ 
cate  from  an  institution  or  business  they  have  a 
relationship  with, such  as  a  bank  or  telephone 
company.  Or  the  issuer  might  prefer  to  have  con¬ 
sumers  send  messages  via  the  organization’s 
servers.  In  reality,  the  certificate  issuer  wouldn’t  be 
the  actual  certificate  authority  or  mail  service 
provider  unless  it  had  a  compelling  business  rea¬ 
son  to  do  so  —  it  would  outsource  either  or  both 
functions. 

These  institutions  should  go  to  the  trouble  of 
underwriting  these  services  because  in  the  long 
run  if  they  are  to  be  competitive  they  must  be  able 
to  conduct  business  online  reliably  and  efficiently. 

It  would  be  in  their  interest  to  have  an  intimate 
trust  relationship  with  their  customers. 

Although  the  infrastructure  is  complex,  it  has  the 
advantage  of  being  well-proven. This  solution  is 
starting  to  look  complex,  neat  and  right.  But  I’ve  run 
out  of  space  so  we’ll  wrap  up  next  week. 

Interim  thoughts  to  backspin@gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

There's  something  phishy  here 

My  first  question  to  Dan  Maier, 
spokesman  for  the  Anti-Phishing  Work¬ 
ing  Group,  was:  “How  do  I  know  that  the  e-mail  you  sent  to  me  is  really  from  the 
Anti-Phishing  Working  Group?” 

Maier  laughed,  but  he  also  had  a  serious  answer  to  what  wasn’t  really  a  serious 
question: 

"As  a  matter  of  fact,  one  of  the  items  we  have  on  our  agenda  is  to  start  digitally 
signing  all  e-mail  messages  coming  from  the  group,"  said  Maier,  who  works  for 
Tumbleweed  Communications.  "That’s  one  of  the  solutions  that’s  being  proposed 
to  banks  and  everybody  else  [targeted  by  phishing  attacks]:  to  digitally  sign 
e-mails  so  that  recipients  can  trust  that  they  are  authentic.” 

Such  trust  is  becoming  an  ever-iffier  proposition,  as  phishing  —  the  spoofing  of 
e-mail  and  name-brand  Web  sites  to  fool  consumers  into  coughing  up  personal 
information  —  continues  to  grow  more  common.  Founded  in  November  2003, 
the  group  logged  176  discrete  phishing  attacks  last  month,  up  52%  from  last 
December.  While  Maier  acknowledges  the  numbers  might  reflect  a  learning  curve 
as  victimized  parties  recognize  they  have  a  forum  to  log  incident  reports  — 
www.anti-phishing.org  —  the  evidence  of  a  growing  problem  is  clear. 

Less  clear  is  the  difference  between  legitimate  and  phony  e-mail,  even  through 
the  eyes  of  the  sophisticated  Internet  user. 

"What  I'm  actually  seeing  in  a  lot  of  the  phishing  reports  coming  in  to  the  Anti- 
fishing  Working  Group  is  some  people  are  sending  in  authentic  e-mail  mes¬ 
sages  from  PayPal  and  from  others  and  saying,  'Hey,  I  think  this  is  a  spoofed 
message;  I  think  this  is  a  fraudulent  message,’  when  it’s  actually  a  valid  quarterly 
financial  statement  from  PayPal,  for  example,"  Maier  says. 

“It’s  telling  you  that  people  don't  have  a  way  to  differentiate  valid  messages 
from  non-valid  messages.” 


According  to  the  group’s  January  report,  the  financial  industry  continues  to  be 
hardest  hit  by  the  phishing  phenomenon,  although  eBay  is  the  No.  1  target.  Eight 
percent  of  January  phishing  attacks  exploited  a  Microsoft  browser  vulnerability 
—  since  patched  —  that  lets  Web  site  addresses  be  disguised,  the  group  says. 

More  than  100  companies  and  a  few  hundred  individuals  are  involved  in  the 
group  already,  including  most  of  the  top  banks,  ISPs,  online  retailers  and  organi¬ 
zations  such  as  the  Anti-Spam  Research  Group  and  the  Information  Technology 
Association  of  America.  Microsoft  is  on  board,  as  are  the  Justice  Department, 
FBI  and  FederalTrade  Commission. 

Phishing  clearly  has  the  attention  of  the  e-commerce  world.  But  one  challenge 
these  anti-phishing  parties  face  —  aside  from  thwarting  attacks  —  is  balancing 
the  need  to  warn  consumers  against  the  risk  of  scaring  these  same  consumers 
completely  off  the  'Net. 

"In  particular,  banks  have  spent  a  lot  of  money  trying  to  move  a  lot  of  their  oper¬ 
ations  online  and  make  it  easier  for  their  customers  to  do  business  with  them," 
Maier  says.  "This  can  threaten  a  significant  chunk  of  that. 

“There  is  still  some  ongoing  discussion  about  how  to  educate  and  inform  cus¬ 
tomers  about  how  to  make  them  comfortable  in  doing  business  online.  We’re  still 
working  on  formulating  the  exact  correct  message  that  does  balance  on  that  fine 
line,”  he  says. 

In  addition  to  monitoring  and  measuring  the  problem,  the  group  intends  to  focus 
on  finding  technical  solutions.  AOL  is  already  piloting  one  called  Sender 
Permitted  From,  which  will  allow  for  the  checking  of  IP  addresses  of  domains 
sending  e-mail  against  a  published  list  of  IP  addresses  of  all  the  servers  autho¬ 
rized  to  send  e-mail  from  AOL.  "If  they  don’t  match,  the  message  was  spoofed," 
Maier  says. 

The  group  has  its  work  cut  out  for  it . . .  and  nothing  less  than  the  future  of 
e-commerce  may  hang  in  the  balance. 

There’s  nothing  unclear  about  my  e-mail  address:  buzz@nww.com. 
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Uncompromising  quality.  Affordable  price.  There's  no  better  value 
in  access  routers  than  the  NetVanta  3000  Series  from  ADTRAN. 


Using  a  NetVanta  3000  router,  you  can  outfit  a  remote 
location  with  complete  T1  voice  and  data  communications 
for  50%  less  than  you’re  accustomed  to  paying.  Loaded 
with  standard  features,  and  available  with  very  reasonably 
priced  options,  the  NetVanta  3000  Series  is  everything  you 
need  in  a  router  and  more.  Lower  price  isn’t  the  result  of 
cutting  comers — it’s  the  result  of  smart  engineering. 
Engineering  that’s  backed  by  a  100%  satisfaction  guarantee 
from  ADTRAN,  including  unlimited  telephone  technical 
support  (before  and  after  the  sale),  free  ADTRAN  OS  updates, 
and  a  full  five-year  warranty.  Try  a  NetVanta  3000  router  today. 
And  start  getting  more  out  of  your  router  dollar. 

Why  pay  more? 


Take  the  CLI  Challenge!  Receive  a  free  T-Shirt! 
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The  right  management  should  do  more  than  just  protect. 

It  should  also  enable. 

eTrust"  Security  Management  Software 

In  the  world  of  on-demand  computing,  it's  vital  that  your  IT  environment  be  both  secure  and  accessible.  That's  why  it's  essential  that  you  have 
the  right  security  management  software.  With  eTrust  security  management  software,  you  get  the  very  best  in  access,  identity,  and  threat 
management  all  seamlessly  integrated  with  your  existing  technology.  On  the  one  hand,  you  can  rest  assured,  knowing  that  your  information  is 
safe  from  prying  eyes.  At  the  same  time,  you  don't  have  to  worry  about  partners,  customers  or  employees  being  locked  out  of  areas  that  they 
need  to  access  to  optimize  business.  Best  of  all,  eTrust  can  give  you  a  single  view  of  your  entire  enterprise,  putting  you  in  complete  control.  As 
a  result,  you  can  make  real-time  decisions  based  on  comprehensive  information.  So  if  you're  looking  for  ways  to  minimize  risk  while  maximizing 
your  potential,  or  to  get  a  white  paper,  go  to  ca.com/security. 
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